CVE-2024-28995

CVSS v3.1 7.5 (High)

EPSS 95.87 % (100^th)

Affected Products 1

Advisories 1

NVD Status Analyzed

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

Weaknesses

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: SolarWinds
Published Date: 2024-06-06 09:15:14
(3 months ago)
Updated Date: 2024-07-18 01:00:03
(7 weeks ago)

SolarWinds Serv-U Path Traversal Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)

Description: SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns: Unknown
Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995

Vendor: SolarWinds
Product: Serv-U
In CISA Catalog from: 2024-07-17
(7 weeks ago)
Due Date: 2024-08-07
(4 weeks ago)

Affected Products

Solarwinds

Serv-u

Configuration #1

		CPE23	From	Up To
	Solarwinds Serv-u prior 15.4.2 version	cpe:2.3:a:solarwinds:serv-u		< 15.4.2
	Solarwinds Serv-u 15.4.2	cpe:2.3:a:solarwinds:serv-u:15.4.2:-
	Solarwinds Serv-u 15.4.2 Hotfix1	cpe:2.3:a:solarwinds:serv-u:15.4.2:hotfix1