CPE Details
SolarWinds Serv-U 15.4.0 Hotfix 1
15.4.0
2023-08-17
12h33 +00:00
12h33 +00:00
2023-08-29
12h39 +00:00
12h39 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:solarwinds:serv-u:15.4.0:hotfix1:*:*:*:*:*:*
Informations
Vendor
solarwindsProduct
serv-uVersion
15.4.0Update
hotfix1Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability | 8.8 |
Haute |
||
| Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.8 |
Moyen |
||
| SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | 8.6 |
Haute |
||
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | 5.7 |
Moyen |
||
| SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | 8.4 |
Haute |
||
| A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | 5 |
Moyen |
||
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | 7.2 |
Haute |
2025©
tesweb SA
