Vulnerabilities > Solarwinds > Serv U
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-25 | CVE-2021-35250 | Path Traversal vulnerability in Solarwinds Serv-U 15.3 A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. | 7.5 |
| 2022-01-10 | CVE-2021-35247 | Improper Input Validation vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.0 |
| 2021-12-06 | CVE-2021-35242 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U Serv-U server responds with valid CSRFToken when the request contains only Session. | 6.8 |
| 2021-12-06 | CVE-2021-35245 | Unspecified vulnerability in Solarwinds Serv-U When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | 6.8 |
| 2021-08-31 | CVE-2021-35223 | Unspecified vulnerability in Solarwinds Serv-U The Serv-U File Server allows for events such as user login failures to be audited by executing a command. | 6.5 |
| 2021-07-14 | CVE-2021-35211 | Out-of-bounds Write vulnerability in Solarwinds Serv-U Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. | 10.0 |
| 2021-05-11 | CVE-2021-32604 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2 Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." | 3.5 |
| 2021-05-04 | CVE-2021-3154 | Injection vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 An issue was discovered in SolarWinds Serv-U before 15.2.2. | 5.0 |
| 2021-02-03 | CVE-2021-25276 | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U 15.1.6/15.2.1/15.2.2 In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. | 3.6 |
| 2021-02-03 | CVE-2020-35482 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | 3.5 |