CVE-2024-28995 – SolarWinds Serv-U Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. • https://github.com/Stuub/CVE-2024-28995 https://github.com/0xc4t/CVE-2024-28995 https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U https://github.com/bigb0x/CVE-2024-28995 https://github.com/krypton-kry/CVE-2024-28995 https://github.com/ggfzx/CVE-2024-28995 https://github.com/muhammetali20/CVE-2024-28995 https://github.com/huseyinstif/CVE-2024-28995-Nuclei-Template https://github.com/gotr00t0day/CVE-2024-28995 https://www.solarwinds.com/trust-center/security-a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-40053 – HTML injection Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-40053
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40053 • CWE-20: Improper Input Validation •
CVE-2023-40060 – 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1
https://notcve.org/view.php?id=CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. • https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-0-Hotfix-2?language=en_US https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40060 • CWE-284: Improper Access Control •
CVE-2023-35179 – 2FA/MFA Bypass Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-35179
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. • https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-Hotfix-1?language=en_US https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35179 • CWE-284: Improper Access Control •