exploitDog

GHSA-vfrj-f292-3f24

Опубликовано: 23 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Ссылки

EPSS

Процентиль: 94%

0.12863

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2025-26399

CVSS3: 9.8

nvd

5 месяцев назад

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

BDU:2025-11514

CVSS3: 9.8

fstec

5 месяцев назад

Уязвимость компонента AjaxProxy программного обеспечения управления ИТ-инфраструктурой SolarWinds Web Help Desk (WHD), позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 94%

0.12863

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502