Recent Critical SolarWinds RCE Vulnerability Actively Abused, CISA Warns

CISA issued a warning about active exploitation of a critical vulnerability in SolarWinds' Web Help Desk (WHD) software, used by various organizations globally. The flaw, tracked as CVE-2024-28986, is a Java deserialization issue that can allow remote code execution on affected servers. SolarWinds released a hotfix to address the vulnerability but noted that the issue could not be reproduced without authentication. Despite this, all users are urged to apply the patch, with a separate update pending for those using SAML Single Sign-On (SSO). Read more...