Vulnerabilities > Solarwinds > Serv U

DATE CVE VULNERABILITY TITLE RISK
2021-12-06 CVE-2021-35245 Unspecified vulnerability in Solarwinds Serv-U
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
network
low complexity
solarwinds
6.8
6.8
2021-08-31 CVE-2021-35223 Unspecified vulnerability in Solarwinds Serv-U
The Serv-U File Server allows for events such as user login failures to be audited by executing a command.
network
low complexity
solarwinds
8.8
8.8
2021-07-14 CVE-2021-35211 Out-of-bounds Write vulnerability in Solarwinds Serv-U
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.
network
low complexity
solarwinds CWE-787
critical
 10.0
10
2021-05-11 CVE-2021-32604 Cross-site Scripting vulnerability in Solarwinds Serv-U
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-05-04 CVE-2021-3154 Injection vulnerability in Solarwinds Serv-U
An issue was discovered in SolarWinds Serv-U before 15.2.2.
network
low complexity
solarwinds CWE-74
7.5
7.5
2021-02-03 CVE-2021-25276 Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds Serv-U
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable.
local
low complexity
solarwinds CWE-732
7.1
7.1
2021-02-03 CVE-2020-35482 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-35481 Unspecified vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection.
network
low complexity
solarwinds
critical
 9.8
9.8
2021-02-03 CVE-2020-28001 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-27994 Path Traversal vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
network
low complexity
solarwinds CWE-22
6.5
6.5