Note: This project will be discontinued after December 13, 2021.

Product: Serv-U (Solarwinds)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 31 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-05-17 | CVE-2021-35249 | This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed. | Serv-U | 4.3 | | |
2022-12-16 | CVE-2022-38106 | This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | Serv-U | 5.4 | | |
2022-12-16 | CVE-2021-35252 | Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | Serv-U | 7.5 | | |
2023-06-15 | CVE-2023-23841 | SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | Serv-U | 7.5 | | |
2023-08-11 | CVE-2023-35179 | A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | Serv-U | N/A | | |
2023-09-07 | CVE-2023-40060 | A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | Serv-U | N/A | | |
2023-12-06 | CVE-2023-40053 | A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | Serv-U | N/A | | |
2024-10-16 | CVE-2024-45714 | Application is vulnerable to Cross Site Scripting (XSS): an authenticated attacker with users’ permissions can modify a variable with a payload. | Serv-U | 4.1 | | |
2024-10-16 | CVE-2024-45711 | SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability. | Serv-U | 8.8 | | |
2018-05-16 | CVE-2018-10241 | A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. | Serv-U | 6.5 | | |