CVSS: 8.6EPSS: 97%CPEs: 3EXPL: 10CVE-2024-28995 – SolarWinds Serv-U Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-28995
06 Jun 2024 — SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. SolarWinds Serv-U era susceptible a una vulnerabilidad directory transversal que permitiría el acceso para leer archivos confidenciales en la máquina host. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. • https://packetstorm.news/files/id/180707 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28072 – Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2024-28072
03 May 2024 — A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. Una cuenta con muchos privilegios puede sobrescribir archivos arbitrarios en el sistema con resultados de registro. Las etiquetas de ruta del archivo de registro no se sanitizaron adecuadamente. • https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US • CWE-532: Insertion of Sensitive Information into Log File •