Solarwinds: >> Serv-U >> 15.3.0 Security Vulnerabilities
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
CVSS Score
5.4
EPSS Score
0.011
Published
2022-12-16
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-12-16
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-05-17
Page 2