BleepingComputer reports that SolarWinds has issued a hotfix for a critical Java serialization vulnerability in its Web Help Desk solution, which could be leveraged to facilitate remote code execution.
All but the latest version of the SolarWinds Web Help Desk software used by healthcare and government organizations, as well as corporations for optimizing help desk tasks are affected by the security issue, tracked as CVE-2024-28986. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," said SolarWinds, which noted that updating to Web Help Desk 12.8.3.1813 is needed for the fix to be functional. Organizations looking to address the bug have also been urged to ensure backups to avert potential data loss following an unsuccessful update.
