"SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day"

The US cybersecurity agency CISA recently warned that a fresh critical-severity vulnerability in SolarWinds Web Help Desk has been exploited in attacks.  The bug is tracked as CVE-2024-28986 (CVSS score of 9.8) and is described as a Java deserialization remote code execution (RCE) issue that could allow attackers to run commands on the host machine.  This week, SolarWinds announced a hotfix addressing the vulnerability and noted that authentication is required for successful exploitation without mentioning its in-the-wild exploitation.  SolarWinds recommended that all customers apply the available patch, which is compatible with Web Help Desk version 12.8.3.1813 only, urging users of previous iterations to upgrade as soon as possible.  The flaw impacts versions 12.4 to 12.8 of the helpdesk solution.  The company has since updated its advisory to warn that the hotfix should not be applied to Web Help Desk installations if SAML Single Sign-On (SSO) is utilized.

SecurityWeek reports: "SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day"