SolarWinds urges customers to patch critical Web Help Desk flaw

SolarWinds has issued a warning to customers after the discovery of a critical vulnerability in the firm’s Web Help Desk solution. 

The vulnerability, tracked as CVE-2024-28986, is a Java deserialization vulnerability that could be exploited to achieve remote code execution, the company confirmed in an advisory last week.

“SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine,” the company said.

SolarWinds’ IT help desk software is used by a host of organizations globally, including private enterprises, government departments, and healthcare firms to automate help desk management processes.

SolarWinds confirmed that a hotfix has been made available for users and that it applies to Web Help Desk 12.8.3. Admins will need to manually add and modify specific files for the patch to work.

As part of this, the firm recommends admins create backup copies of the original files before replacing them. This will ensure a smoother process in the event that the hotfix is not applied correctly.

The SolarWinds advisory includes the following recommendations:

  • “If your WHD deployment is on a public-facing server, install WHD 12.8.3 Hotfix 1.”
  • “If your WHD deployment is NOT on a public-facing server, you can wait until SolarWinds releases a new hotfix.”

No other SolarWinds products or solutions are affected by the flaw.

SolarWinds users urged to patch out of an ‘abundance of caution’

In its advisory, SolarWinds confirmed the vulnerability could be exploited, but noted it has been unable to reproduce the flaw without authentication after “thorough testing”. 

Despite this, the firm insisted users should apply the patch immediately. The flaw was given a severity score of 9.8, SolarWinds revealed, marking it as ‘critical’.

“Out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available,” the company said in its advisory.

Ross Kelly
News and Analysis Editor