{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28988", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "state": "PUBLISHED", "assignerShortName": "SolarWinds", "dateReserved": "2024-03-13T20:27:09.782Z", "datePublished": "2025-09-01T21:18:58.626Z", "dateUpdated": "2025-09-03T03:55:24.519Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Web Help Desk", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "12.8.3 HF 2 and previous versions"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Guy Lederfein of Trend Micro"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><p>SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.<span style=\"background-color: var(--wht);\">&nbsp;</span></p></div><div></div><div><p>We recommend all Web Help Desk customers apply the patch, which is now available.<span style=\"background-color: var(--wht);\">&nbsp;</span></p></div><div></div><div><p>We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. &nbsp; </p></div>"}], "value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2025-09-01T21:18:58.626Z"}, "references": [{"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"}], "value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3"}], "source": {"discovery": "UNKNOWN"}, "title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-02T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-28988"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T03:55:24.519Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28988", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-02T12:58:20.392190Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T13:03:37.905Z"}}], "cna": {"title": "SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Guy Lederfein of Trend Micro"}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "Web Help Desk", "versions": [{"status": "affected", "version": "12.8.3 HF 2 and previous versions"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3", "supportingMedia": [{"type": "text/html", "value": "All SolarWinds Web Help Desk customers are advised to upgrade to the latest version of the SolarWinds Web Help Desk 12.8.3 HF 3", "base64": false}]}], "references": [{"url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.", "supportingMedia": [{"type": "text/html", "value": "<div><p>SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.<span style=\"background-color: var(--wht);\">&nbsp;</span></p></div><div></div><div><p>We recommend all Web Help Desk customers apply the patch, which is now available.<span style=\"background-color: var(--wht);\">&nbsp;</span></p></div><div></div><div><p>We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. &nbsp; </p></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2025-09-01T21:18:58.626Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28988", "state": "PUBLISHED", "dateUpdated": "2025-09-03T03:55:24.519Z", "dateReserved": "2024-03-13T20:27:09.782Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2025-09-01T21:18:58.626Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "5426A720-F345-4C8E-B5B5-76639D447A6D", "versionEndIncluding": "12.8.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:-:*:*:*:*:*:*", "matchCriteriaId": "331BF887-F099-419E-9664-EE2EC76E2E23", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix1:*:*:*:*:*:*", "matchCriteriaId": "7FCFD6C1-EF56-47F4-AFE5-AD8E54232FF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.3:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "DB6BE43D-5CCE-48BE-8A0A-378BBC265648", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.\u00a0\n\n\n\n\n\nWe recommend all Web Help Desk customers apply the patch, which is now available.\u00a0\n\n\n\n\n\nWe thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities."}], "id": "CVE-2024-28988", "lastModified": "2025-11-14T23:32:43.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@solarwinds.com", "type": "Primary"}]}, "published": "2025-09-01T22:15:30.070", "references": [{"source": "psirt@solarwinds.com", "tags": ["Broken Link"], "url": "https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-3"}, {"source": "psirt@solarwinds.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28988"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@solarwinds.com", "type": "Primary"}]}

{}

{"created": "2025-09-02T15:23:08.199513+00:00", "updated": "2025-09-02T15:23:08.199564+00:00", "vendors": ["solarwinds", "solarwinds$PRODUCT$web_help_desk"]}