CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Sep 5, 2024

CVE-2024-28986

High

EPSS 78.4%CISA KEV

SolarWinds/Web Help Desk

Description

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.

EPSS — Exploit Probability

78.4%

Higher than 99.0% of all CVEs

Required Action

https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986; https://nvd.nist.gov/vuln/detail/CVE-2024-28986

Related Articles (1)

Recent Ivanti Endpoint Manager Flaw Exploited in Attacks

CISA has added the high-severity authentication bypass vulnerability to its KEV list, along with SolarWinds and Workspace One bugs.

Mar 10, 2026

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 78.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 1

Timeline

Published

Aug 15, 2024

Added to KEV

Aug 15, 2024

Remediation Due

Sep 5, 2024

Affected Product

SolarWinds

Web Help Desk

View all SolarWinds CVEs

External Links

NVD (NIST)CVE Details MITRE CVE