Shodan
Vulnerabilities
Vulnerable Software
Solarwinds:  >> Serv-U  >> 15.4.0  Security Vulnerabilities
CVE-2024-45711
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability
CVSS Score
7.5
EPSS Score
0.031
Published
2024-10-16
CVE-2024-45714
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-16
CVE-2024-28995
Known exploited
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
CVSS Score
8.6
EPSS Score
0.944
Published
2024-06-06
CVE-2024-28072
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
CVSS Score
5.7
EPSS Score
0.002
Published
2024-05-03
CVE-2024-28073
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.
CVSS Score
8.4
EPSS Score
0.002
Published
2024-04-17
CVE-2023-40053
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-12-06
CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4.  SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. 
CVSS Score
7.2
EPSS Score
0.0
Published
2023-09-07
CVE-2023-35179
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 
CVSS Score
7.2
EPSS Score
0.001
Published
2023-08-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved