Vulnerabilities > Solarwinds > Serv U > 15.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-03 | CVE-2021-25276 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2 In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. | 3.6 |
2021-02-03 | CVE-2020-35482 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | 3.5 |
2021-02-03 | CVE-2020-35481 | Unspecified vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection. | 7.5 |
2021-02-03 | CVE-2020-28001 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | 3.5 |
2021-02-03 | CVE-2020-27994 | Path Traversal vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. | 4.0 |