Vulnerabilities > Solarwinds > Serv U
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-45711 | Path Traversal vulnerability in Solarwinds Serv-U SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. | 8.8 |
| 2024-10-16 | CVE-2024-45714 | Cross-site Scripting vulnerability in Solarwinds Serv-U Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.1 |
| 2024-06-06 | CVE-2024-28995 | Path Traversal vulnerability in Solarwinds Serv-U SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | 7.5 |
| 2023-12-06 | CVE-2023-40053 | Unspecified vulnerability in Solarwinds Serv-U 15.4.0 A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | 5.0 |
| 2023-09-07 | CVE-2023-40060 | Improper Access Control vulnerability in Solarwinds Serv-U 15.4.0 A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. | 7.2 |
| 2023-08-11 | CVE-2023-35179 | Improper Access Control vulnerability in Solarwinds Serv-U 15.4.0 A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. | 7.2 |
| 2023-06-15 | CVE-2023-23841 | Cleartext Transmission of Sensitive Information vulnerability in Solarwinds Serv-U SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data. | 7.5 |
| 2022-12-16 | CVE-2021-35252 | Improper Authentication vulnerability in Solarwinds Serv-U Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. | 7.5 |
| 2022-12-16 | CVE-2022-38106 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1 This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. | 5.4 |
| 2022-05-17 | CVE-2021-35249 | Unspecified vulnerability in Solarwinds Serv-U This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. | 4.3 |