Note:
This project will be discontinued after December 13, 2021.
Product: Serv-U (SolarWinds)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 26 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-12-06 | CVE-2023-40053 | A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | Serv-U | 5.0 | ||
2023-06-15 | CVE-2023-23841 | SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | Serv-U | 7.5 | ||
2023-08-11 | CVE-2023-35179 | A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | Serv-U | 7.2 | ||
2023-09-07 | CVE-2023-40060 | A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | Serv-U | 7.2 | ||
2021-07-14 | CVE-2021-35211 | Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability. | Serv-U | 10.0 | ||
2022-04-25 | CVE-2021-35250 | A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | Serv-U | 7.5 | ||
2022-12-16 | CVE-2021-35252 | Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | Serv-U | 7.5 | ||
2022-12-16 | CVE-2022-38106 | This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | Serv-U | 5.4 | ||
2021-12-06 | CVE-2021-35245 | When a user has admin rights in Serv-U Console, the user can move, create and delete any files that are able to be accessed on the Serv-U host machine. | Serv-U | 6.8 | ||
2022-05-17 | CVE-2021-35249 | This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. | Serv-U | 4.3 | ||