Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

SolarWinds Urges Patch for Critical RCE

August 15, 2024
Reading Time: 2 mins read
in Alerts
Iranian-Backed Group Targets U.S. and Israel

SolarWinds has urgently advised its customers to patch a critical vulnerability found in its Web Help Desk platform, identified as CVE-2024-28986. This vulnerability, discovered by Inmarsat Government researchers, involves Java deserialization and poses a serious remote code execution (RCE) risk. If exploited, it could allow attackers to execute arbitrary commands on the host machine. Although extensive testing has not confirmed unauthenticated exploitation, SolarWinds recommends patching as a precautionary measure due to the potential severity of the issue.

To mitigate the risk, SolarWinds advises all users to upgrade to Web Help Desk version 12.8.3 and install the provided hotfix. This vulnerability has been rated with a CVSS v3 score of 9.8, indicating its critical nature and the need for immediate action. SolarWinds has published detailed instructions on how to perform the upgrade and apply the hotfix, including guidance on how to uninstall the hotfix if necessary.

Users are also advised to back up their files before applying the patch to avoid any potential data loss. In addition to the vulnerability issue, SolarWinds is currently facing legal challenges related to a 2021 security breach. A US judge recently dismissed most charges brought by the SEC, which accused SolarWinds and its Chief Information Security Officer, Timothy Brown, of concealing the company’s security weaknesses and defrauding investors. The judge found that these claims were based on hindsight and speculation rather than concrete evidence. However, the court did acknowledge legitimate concerns about the effectiveness of the security controls embedded in SolarWinds’ products.

Despite these legal issues, the company remains focused on addressing the critical vulnerability in its Web Help Desk platform. SolarWinds emphasizes the importance of applying the recommended patch to protect against potential exploitation. Users are encouraged to follow the outlined patching procedures and ensure that their systems are secure by backing up important files before proceeding with the update. The company’s proactive approach aims to minimize the risk to its customers and maintain the integrity of their systems.

Reference:

  • https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Tags: AugustAugust 2024Cyber AlertsCyber Alerts 2024Cyber threatsSolarWindsVulnerabilities
ADVERTISEMENT

Related Posts

Fake DocuSign Alerts Target Corporate Logins

Fake DocuSign Alerts Target Corporate Logins

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

May 28, 2025
Fake DocuSign Alerts Target Corporate Logins

Microsoft Void Blizzard Cyber Threat Alert

May 28, 2025
GhostSpy Android Malware Full Device Control

FBI Warns Luna Moth Targets US Law Firms

May 27, 2025
GhostSpy Android Malware Full Device Control

Winos 4.0 Malware Spread Via Fake Installers

May 27, 2025
GhostSpy Android Malware Full Device Control

GhostSpy Android Malware Full Device Control

May 27, 2025

Latest Alerts

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

Subscribe to our newsletter

    Latest Incidents

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial