CVSS: 8.6EPSS: 96%CPEs: 3EXPL: 9CVE-2024-28995 – SolarWinds Serv-U Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. SolarWinds Serv-U era susceptible a una vulnerabilidad directory transversal que permitiría el acceso para leer archivos confidenciales en la máquina host. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. • https://github.com/Stuub/CVE-2024-28995 https://github.com/0xc4t/CVE-2024-28995 https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U https://github.com/bigb0x/CVE-2024-28995 https://github.com/krypton-kry/CVE-2024-28995 https://github.com/ggfzx/CVE-2024-28995 https://github.com/muhammetali20/CVE-2024-28995 https://github.com/huseyinstif/CVE-2024-28995-Nuclei-Template https://github.com/gotr00t0day/CVE-2024-28995 https://www.solarwinds.com/trust-center/security-a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23841 – SolarWinds Serv-U Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-23841
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. SolarWinds Serv-U está enviando una solicitud HTTP al cambiar o actualizar los atributos de "File Share" o "File Request?". Parte de la URL de la solicitud revela datos confidenciales. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35252 – Common Key Vulnerability in Serv-U FTP Server
https://notcve.org/view.php?id=CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. Parece que se utiliza una clave de cifrado común en todas las instancias implementadas del Serv-U FTP Server. Debido a esto, un valor cifrado que está expuesto a un atacante se puede recuperar simplemente en texto plano. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252 https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252 • CWE-287: Improper Authentication CWE-798: Use of Hard-coded Credentials •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38106 – Cross-Site Scripting Vulnerability in Serv-U Web Client
https://notcve.org/view.php?id=CVE-2022-38106
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •