CPE Details
SolarWinds Serv-U 15.4.0 Hotfix 1
15.4.0
2023-08-17
12h33 +00:00
12h33 +00:00
2023-08-29
12h39 +00:00
12h39 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:solarwinds:serv-u:15.4.0:hotfix1:*:*:*:*:*:*
Informations
Vendor
solarwindsProduct
serv-uVersion
15.4.0Update
hotfix1Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability | 8.8 |
High |
||
| Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.8 |
Medium |
||
| SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | 8.6 |
High |
||
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | 5.7 |
Medium |
||
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | 8.4 |
High |
||
| A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | 5 |
Medium |
||
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | 7.2 |
High |
2025©
tesweb SA
