SolarWinds Serv-U 15.4.0 Hotfix2

CPE Details

SolarWinds Serv-U 15.4.0 Hotfix2
solarwinds
serv-u
15.4.0
2023-12-09
03h54 +00:00
2023-12-09
03h54 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:solarwinds:serv-u:15.4.0:hotfix2:*:*:*:*:*:*

Informations

Vendor

solarwinds

Product

serv-u

Version

15.4.0

Update

hotfix2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-45711 2024-10-16 07h27 +00:00 SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability
8.8
High
CVE-2024-45714 2024-10-16 07h26 +00:00 Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
4.8
Medium
CVE-2024-28995 2024-06-06 09h01 +00:00 SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
8.6
High
CVE-2024-28072 2024-05-03 07h50 +00:00 A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
5.7
Medium
CVE-2024-28073 2024-04-17 16h58 +00:00 SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.
8.4
High
CVE-2023-40053 2023-12-06 03h23 +00:00 A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
5
Medium