Vulnerabilities > Solarwinds > Serv U > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-45714 | Cross-site Scripting vulnerability in Solarwinds Serv-U Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | 4.1 |
| 2023-12-06 | CVE-2023-40053 | Unspecified vulnerability in Solarwinds Serv-U 15.4.0 A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | 5.0 |
| 2022-12-16 | CVE-2022-38106 | Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1 This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. | 5.4 |
| 2022-05-17 | CVE-2021-35249 | Unspecified vulnerability in Solarwinds Serv-U This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. | 4.3 |
| 2022-01-10 | CVE-2021-35247 | Improper Input Validation vulnerability in Solarwinds Serv-U Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. | 5.0 |
| 2021-12-06 | CVE-2021-35242 | Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds Serv-U Serv-U server responds with valid CSRFToken when the request contains only Session. | 6.8 |
| 2021-12-06 | CVE-2021-35245 | Unspecified vulnerability in Solarwinds Serv-U When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | 6.8 |
| 2021-08-31 | CVE-2021-35223 | Unspecified vulnerability in Solarwinds Serv-U The Serv-U File Server allows for events such as user login failures to be audited by executing a command. | 6.5 |
| 2021-05-04 | CVE-2021-3154 | Injection vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 An issue was discovered in SolarWinds Serv-U before 15.2.2. | 5.0 |
| 2021-02-03 | CVE-2020-27994 | Path Traversal vulnerability in Solarwinds Serv-U 15.1.6/15.2.1 SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. | 4.0 |