CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45712 – SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-45712
15 Apr 2025 — SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45712 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-45711 – SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-45711
16 Oct 2024 — SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability SolarWinds Serv-U es vulnerable a una vulnerabilidad de directory traversal en la que es posible la ejecución remota de código según los privilegios otorgados al usuario autentica... • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45714 – SolarWinds Serv-U Stored XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-45714
16 Oct 2024 — Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. La aplicación es vulnerable a Cross Site Scripting (XSS): un atacante autenticado con permisos de usuario puede modificar una variable con un payload. • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 94%CPEs: 3EXPL: 10CVE-2024-28995 – SolarWinds Serv-U Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-28995
06 Jun 2024 — SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. SolarWinds Serv-U era susceptible a una vulnerabilidad directory transversal que permitiría el acceso para leer archivos confidenciales en la máquina host. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. • https://packetstorm.news/files/id/180707 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28072 – Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2024-28072
03 May 2024 — A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. Una cuenta con muchos privilegios puede sobrescribir archivos arbitrarios en el sistema con resultados de registro. Las etiquetas de ruta del archivo de registro no se sanitizaron adecuadamente. • https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40053 – HTML injection Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-40053
06 Dec 2023 — A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. Se ha identificado una vulnerabilidad en Serv-U 15.4 que permite a un actor autenticado insertar contenido en la función de compartir archivos de Serv-U, que podría usarse de manera maliciosa. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40060 – 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1
https://notcve.org/view.php?id=CVE-2023-40060
07 Sep 2023 — A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. Se ha identificado una vulnerabilidad dentro de Serv-U 15.4 y 15.4 Hotfix 1 que, si se explota, permite a un actor eludir la autenticación multifactor/de dos factores. El actor debe tener acc... • https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-0-Hotfix-2?language=en_US • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35179 – 2FA/MFA Bypass Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-35179
10 Aug 2023 — A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. Se ha identificado una vulnerabilidad dentro de Serv-U 15.4 que, si se explota, permite a un actor eludir la autenticación multifactor/de dos factores. El actor debe tener acceso de nivel de administrador a Serv-U para realizar esta acción.  • https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-Hotfix-1?language=en_US • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23841 – SolarWinds Serv-U Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-23841
15 Jun 2023 — SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. SolarWinds Serv-U está enviando una solicitud HTTP al cambiar o actualizar los atributos de "File Share" o "File Request?". Parte de la URL de la solicitud revela datos confidenciales. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38106 – Cross-Site Scripting Vulnerability in Serv-U Web Client
https://notcve.org/view.php?id=CVE-2022-38106
16 Dec 2022 — This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •