SolarWinds Serv-U 15.3.0

CPE Details

2023-09-29 17h00 +00:00
2023-09-29 17h00 +00:00

CPE Name: cpe:2.3:a:solarwinds:serv-u:15.3.0:*:*:*:*:*:*:*

Information

Vendor: solarwinds
Product: serv-u
Version: 15.3.0

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2024-45711 | 2024-10-16 07h27 +00:00 | SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability. | 8.8 | High |
| CVE-2024-45714 | 2024-10-16 07h26 +00:00 | Application is vulnerable to Cross Site Scripting (XSS): an authenticated attacker with users' permissions can modify a variable with a payload. | 4.8 | Medium |
| CVE-2024-28995 | 2024-06-06 09h01 +00:00 | SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine. | 8.6 | High |
| CVE-2024-28072 | 2024-05-03 07h50 +00:00 | A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | 5.7 | Medium |
| CVE-2024-28073 | 2024-04-17 16h58 +00:00 | SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | 8.4 | High |
| CVE-2023-23841 | 2023-06-14 22h00 +00:00 | SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | 7.5 | High |
| CVE-2021-35252 | 2022-12-15 23h00 +00:00 | Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | 7.5 | High |
| CVE-2022-38106 | 2022-12-15 23h00 +00:00 | This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | 5.4 | Medium |
| CVE-2021-35249 | 2022-05-17 19h44 +00:00 | This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. | 4.3 | Medium |