Vulnerabilities > Solarwinds > Serv U FTP Server > 15.1.6.25

DATE CVE VULNERABILITY TITLE RISK
2020-07-05 CVE-2020-15543 Improper Input Validation vulnerability in Solarwinds Serv-U FTP Server
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path.
network
low complexity
solarwinds CWE-20
critical
9.8
2020-07-05 CVE-2020-15542 Unspecified vulnerability in Solarwinds Serv-U FTP Server
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.
network
low complexity
solarwinds
critical
9.8
2020-07-05 CVE-2020-15541 Unspecified vulnerability in Solarwinds Serv-U FTP Server
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.
network
low complexity
solarwinds
critical
9.8
2019-06-07 CVE-2018-19999 Improper Authentication vulnerability in Solarwinds Serv-U FTP Server 15.1.6.25
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation.
local
low complexity
solarwinds CWE-287
7.8
2019-03-21 CVE-2018-19934 Cross-site Scripting vulnerability in Solarwinds Serv-U FTP Server 15.1.6.25
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.
network
low complexity
solarwinds CWE-79
4.8