Security News > 2024 > June > SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately

SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
2024-06-21 08:54

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2


News URL

https://thehackernews.com/2024/06/solarwinds-serv-u-vulnerability-under.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-28995 Unspecified vulnerability in Solarwinds Serv-U
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
network
low complexity
solarwinds
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 1 89 98 43 231