WHD 12.8.3 Hotfix 3 release notes
Release date: October 15, 2024
Last updated: October 23, 2024
Fixed customer issues: October 23, 2024
Here's what's new in WHD 12.8.3 Hotfix 3. You can find the applicable system requirements here.
To view release notes, system requirements, and product guide PDFs for supported versions of WHD, see WHD previous versions. To view release notes for multiple versions
Attention 12.8.3 Hotfix 3 customers
WHD 12.8.3 Hotfix 3 provides bug and security fixes for release 12.8.3. It also includes all the fixes from Hotfix 1 and Hotfix 2, as well as enhancements and other fixes. For information about the 12.8.3 release, including EOL notices and upgrade information, see 12.8.3 Release Notes.
This hotfix also includes the fixes from 12.8.3 Hotfix 1 and 2, which resolve the following issues:
-
Fixes SolarWinds Web Help Desk Hardcoded Credential Vulnerability (see CVEs table)
-
Adds more patterns to fix an SSO issue
-
Restores missing Upload Attachments, Cancel, and Save buttons in the client application
-
SolarWinds Web Help Desk Broken Access Control Remote Code Execution Vulnerability (see CVEs table)
New features and improvements in WHD
Last updated: October 15, 2024
Enhanced localization support
Canned response templates now support localization.
Fixed CVEs
At SolarWinds, we prioritize the swift resolution of CVEs to ensure the security and integrity of our software. In this release, we have successfully addressed the following CVEs.
SolarWinds CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity | Credit |
|---|---|---|---|---|
| CVE-2024-28988 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability (CVE-2024-28988) | SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. |
9.8 Critical | Guy Lederfein of Trend Micro |
| CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. | Critical 9.1 | Zach Hanley |
| CVE-2024-28986 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability | SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. | 9.8 Critical | Inmarsat Government / Viasat |
Fixed customer issues
| Case number | Description |
|---|---|
| 01746319, 01750250 | Clients can now access older tickets on the client UI. |
| 01748857 | BB Code is supported in canned response templates. |
| 01751747, 01757596, 01760495, 01759118 | Added All/Specific option for Status Type selection in canned response templates. |
| 01741917, 01757596 | Email Templates now appear on all Ticket Update Emails instead of Canned Responses. |
| 01733271, 01758653 | Resolved issue with non-admin users being able to see all tickets, including deleted ones. |
| 01550538, 01673485 | Resolved issue with JVM argument to allow users to opt out of IP binding enforcement. |
| 01736325, 01733113 | Resolved error in WHD 12.8.3 Hotfix 2 created when authorizing incoming mail account for Gmail. |
| 01748114, 01758968 | Web Help Desk FAQ Issues. |
| 01748587, 01746456, 01748154, 01739671, 01763410, 01763692, 01763712 | Added password reset url regex. |
Installation instructions
For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the WHD Installation and Upgrade Guide.
After you complete the installation, see the WHD Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to take to start using the application.
WHD supports Windows Server 2019 and 2022 for production environments and Windows 11 for trial evaluations. These operating system require additional setup to install. See the WHD Installation and Upgrade Guide for instructions.
To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
WHD no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.
If you are installing WHD 12.7.12 with FIPS mode disabled, make sure version 12.7.9 is running on the host server before you install. When the installation is completed, enable FIPS mode.
For upgrades, use the WHD Installation and Upgrade Guide to plan and execute your upgrade. When you are ready, download the upgrade package from the SolarWinds Customer Portal.
Legal notices
© 2024 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.