Source: SOPA Images Limited via Alamy Stock Photo

SolarWinds is urging its customers to patch a critical vulnerability that was discovered in its Web Help Desk platform, tracked as CVE-2024-28986.

This vulnerability is a Java deserialization remote code execution (RCE) flaw that was initially discovered by researchers at Inmarsat Government. 

Left unpatched, the vulnerability will allow an attacker to run commands on the host machine if exploited, the researchers reported in the advisory.

"While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing," the advisory stated.

CVE-2024-28986 was given a CVSS v3 score of 9.8, underscoring how critical it is that Web Help Desk customers apply the patch, which is now readily available, immediately. 

The vendor recommends that all versions of Web Help Desk should be upgraded to version 12.8.3, and then the hotfix should be installed.