CVSS: 8.6EPSS: 94%CPEs: 3EXPL: 10CVE-2024-28995 – SolarWinds Serv-U Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-28995
06 Jun 2024 — SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. SolarWinds Serv-U era susceptible a una vulnerabilidad directory transversal que permitiría el acceso para leer archivos confidenciales en la máquina host. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. • https://packetstorm.news/files/id/180707 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40053 – HTML injection Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-40053
06 Dec 2023 — A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. Se ha identificado una vulnerabilidad en Serv-U 15.4 que permite a un actor autenticado insertar contenido en la función de compartir archivos de Serv-U, que podría usarse de manera maliciosa. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40060 – 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1
https://notcve.org/view.php?id=CVE-2023-40060
07 Sep 2023 — A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. Se ha identificado una vulnerabilidad dentro de Serv-U 15.4 y 15.4 Hotfix 1 que, si se explota, permite a un actor eludir la autenticación multifactor/de dos factores. El actor debe tener acc... • https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-0-Hotfix-2?language=en_US • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35179 – 2FA/MFA Bypass Vulnerability in Serv-U 15.4
https://notcve.org/view.php?id=CVE-2023-35179
10 Aug 2023 — A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. Se ha identificado una vulnerabilidad dentro de Serv-U 15.4 que, si se explota, permite a un actor eludir la autenticación multifactor/de dos factores. El actor debe tener acceso de nivel de administrador a Serv-U para realizar esta acción.  • https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-4-Hotfix-1?language=en_US • CWE-284: Improper Access Control •