Vulnerabilities > Solarwinds > Serv U > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-45714 Cross-site Scripting vulnerability in Solarwinds Serv-U
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
network
low complexity
solarwinds CWE-79
4.1
4.1
2022-12-16 CVE-2022-38106 Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1.
network
low complexity
solarwinds CWE-79
5.4
5.4
2022-05-17 CVE-2021-35249 Unspecified vulnerability in Solarwinds Serv-U
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to.
network
low complexity
solarwinds
4.3
4.3
2022-01-10 CVE-2021-35247 Improper Input Validation vulnerability in Solarwinds Serv-U
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.
network
low complexity
solarwinds CWE-20
5.3
5.3
2021-12-06 CVE-2021-35245 Unspecified vulnerability in Solarwinds Serv-U
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
network
low complexity
solarwinds
6.8
6.8
2021-05-11 CVE-2021-32604 Cross-site Scripting vulnerability in Solarwinds Serv-U
Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-35482 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-28001 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
network
low complexity
solarwinds CWE-79
5.4
5.4
2021-02-03 CVE-2020-27994 Path Traversal vulnerability in Solarwinds Serv-U
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
network
low complexity
solarwinds CWE-22
6.5
6.5
2020-07-07 CVE-2020-15575 Cross-site Scripting vulnerability in Solarwinds Serv-U
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number 00484194.
network
low complexity
solarwinds CWE-79
6.1
6.1