Security News > 2024 > June > SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
2024-06-21 08:54
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2
News URL
https://thehackernews.com/2024/06/solarwinds-serv-u-vulnerability-under.html
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- FortiManager critical vulnerability under active attack (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-28995 | Path Traversal vulnerability in Solarwinds Serv-U SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | 7.5 |