Documentation for Web Help Desk
Important security updates are available for WHD. SolarWinds recommends you upgrade to version 12.8.3 Hotfix 3.

WHD 12.8.3 Hotfix 3 release notes

Release date: October 15, 2024

Web Help Desk 12.8.3 Hotfix 3 provides bug and security fixes for release 12.8.3. It also includes all the fixes from Hotfix 1 and Hotfix 2, as well as enhancements and other fixes. For information about the 12.8.3 release, including EOL notices and upgrade information, see 12.8.3 Release Notes.

New features and improvements in WHD

Enhanced localization support

Canned response templates now support localization.

Fixes

Last updated: 10/23/2024

12.8.3 Hotfix 3 resolves the following issues not fixed in previous hotfixes:

Case number Description
01746319, 01750250 Clients can now access older tickets on the client UI.
01748857 BB Code is supported in canned response templates.

01751747, 01757596, 01760495, 01759118 Added All/Specific option for Status Type selection in canned response templates.
01741917, 01757596 Email Templates now appear on all Ticket Update Emails instead of Canned Responses.
01733271, 01758653 Resolved issue with non-admin users being able to see all tickets, including deleted ones.
01550538, 01673485 Resolved issue with JVM argument to allow users to opt out of IP binding enforcement.

Note: This fix is available in HF3 with the default configuration (no entry in the wrapper_template file).

JVM argument to allow users to opt out of IP binding enforcement

If you use an AWS load balancer or a sticky session and sessions are logged out or terminated with the error message "Terminating the Session due to IP mismatch" or "Session is not valid", follow the instructions below and add the required line to the configuration file.

For Windows:

  1. Navigate to the <WebHelpDesk>/bin/wrapper/conf directory.

  2. Open the wrapper_template.conf file in a text editor and search for # Java Additional Parameters.

  3. Add the following line at the end of the list, updating the configuration number if required.

    wrapper.java.additional.20=-DskipIpBindingWithSession=true

  4. Save and close the wrapper_template.conf file.

For Mac or Linux:

  1. Navigate to the <WebHelpDesk>/conf/ directory.

  2. Open the whd.conf file in a text editor and add the following line at the end of the file:

    JAVA_OPTS="-DskipIpBindingWithSession=true"

  3. Save and close the whd.conf file.

01736325, 01733113 Resolved error in WHD 12.8.3 Hotfix 2 created when authorizing incoming mail account for Gmail.
01748114, 01758968 Web Help Desk FAQ Issues.
01748587, 01746456, 01748154, 01739671, 01763410, 01763692, 01763712 Added password reset URL regex.
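
An added example, not SolarWinds code: a small Python audit that reports whether the IP binding opt-out described above is active in either configuration file, so the default (no entry) can be confirmed wherever a load balancer does not require the opt-out. It also flags a reused wrapper.java.additional index and a second JAVA_OPTS assignment. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample files (not taken from a real WHD installation).
SAMPLE_WRAPPER = """\
# Java Additional Parameters
wrapper.java.additional.1=-Djava.awt.headless=true
wrapper.java.additional.2=-Dfile.encoding=UTF-8
#wrapper.java.additional.3=-DskipIpBindingWithSession=true
wrapper.java.additional.2=-DskipIpBindingWithSession=true
"""
SAMPLE_WHD = 'JAVA_OPTS="-Xmx2g"\nJAVA_OPTS="-DskipIpBindingWithSession=true"\n'

FLAG = re.compile(r"-DskipIpBindingWithSession=(\w+)")
ADDITIONAL = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=(.*)$")
JAVA_OPTS = re.compile(r"^\s*(?:export\s+)?JAVA_OPTS\s*=(.*)$")

def _opted_out(value):
    """True when the value carries the opt-out flag set to true."""
    m = FLAG.search(value)
    return m is not None and m.group(1).lower() == "true"

def audit_wrapper_conf(text):
    """Check active wrapper.java.additional.N lines (Windows procedure)."""
    seen, findings, opted_out = {}, [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ADDITIONAL.match(line)
        if not m:
            continue  # comment lines and unrelated properties
        index = int(m.group(1))
        if index in seen:  # same key twice: only one value can take effect
            findings.append(f"line {lineno}: index {index} reuses line {seen[index]}")
        seen.setdefault(index, lineno)
        # Conservative: any active occurrence of the flag counts as opted out.
        opted_out = opted_out or _opted_out(m.group(2))
    return opted_out, findings

def audit_whd_conf(text):
    """Check active JAVA_OPTS lines (Mac/Linux procedure)."""
    lines = [(n, m.group(1)) for n, l in enumerate(text.splitlines(), 1)
             if (m := JAVA_OPTS.match(l))]
    findings = [f"line {n}: additional JAVA_OPTS assignment" for n, _ in lines[1:]]
    return any(_opted_out(v) for _, v in lines), findings

if __name__ == "__main__":
    for name, result in (("wrapper_template.conf", audit_wrapper_conf(SAMPLE_WRAPPER)),
                         ("whd.conf", audit_whd_conf(SAMPLE_WHD))):
        print(name, "opt-out set:", result[0], "findings:", result[1])
```

To audit a real installation, read the two files named in the procedures above and pass their contents to the matching function.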

This hotfix also includes the fixes from 12.8.3 Hotfix 1 and 2, which resolve the following issues:

  • Fixes SolarWinds Web Help Desk Hardcoded Credential Vulnerability (see CVEs table)

  • Adds more patterns to fix an SSO issue

  • Restores missing Upload Attachments, Cancel, and Save buttons in the client application

  • SolarWinds Web Help Desk Broken Access Control Remote Code Execution Vulnerability (see CVEs table)

CVEs

Last updated: October 23rd, 2024

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

SolarWinds CVEs

CVE-ID Vulnerability Title Description Severity Credit First fixed in
CVE-2024-28988 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability (CVE-2024-28988)

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research.

We recommend all Web Help Desk customers apply the patch, which is now available.

9.8 Critical Guy Lederfein of Trend Micro 12.8.3 Hotfix 3
CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.

Critical 9.1 Zach Hanley 12.8.3 Hotfix 2
CVE-2024-28986 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.

However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

9.8 Critical Inmarsat Government / Viasat 12.8.3 Hotfix 1

Installation or upgrade

For new installations, you can download the installer from the SolarWinds website or from the Customer Portal. For more information, see the WHD Installation and Upgrade Guide.

After you complete the installation, see the WHD Getting Started Guide. This guide picks up right after the installation process and walks you through the initial steps you need to take to start using the application.

WHD supports Windows Server 2019 and 2022 for production environments and Windows 11 for trial evaluations. These operating systems require additional setup to install. See the WHD Installation and Upgrade Guide for instructions.

WHD no longer includes the additional configuration files required to enable Federal Information Processing Standards (FIPS) mode in the application. To install WHD and enable FIPS, see Enable FIPS in a new deployment in the WHD Administrator Guide.

If you are installing WHD 12.7.12 with FIPS mode disabled, make sure version 12.7.9 is running on the host server before you install. When the installation is completed, enable FIPS mode.

For upgrades, use the WHD Installation and Upgrade Guide to plan and execute your upgrade. When you are ready, download the upgrade package from the SolarWinds Customer Portal.

To upgrade to WHD 12.8.3 Hotfix 3, follow the upgrade instructions in Determine the upgrade path to the latest WHD version.

Legal notices

© 2024 SolarWinds Worldwide, LLC. All rights reserved.