Vulnerabilities > Solarwinds > Serv U > 15.2.1

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2021-25276 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable.
local
low complexity
solarwinds CWE-732
3.6
3.6
2021-02-03 CVE-2020-35482 Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
network
solarwinds CWE-79
3.5
3.5
2021-02-03 CVE-2020-35481 Unspecified vulnerability in Solarwinds Serv-U 15.1.6/15.2.1
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
network
low complexity
solarwinds
7.5
7.5
2021-02-03 CVE-2020-28001 Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
network
solarwinds CWE-79
3.5
3.5
2021-02-03 CVE-2020-27994 Path Traversal vulnerability in Solarwinds Serv-U 15.1.6/15.2.1
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
network
low complexity
solarwinds CWE-22
4.0
4.0