Solarwinds: >> Serv-U >> 15.4.0 Security Vulnerabilities
A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-11-18
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory.
This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-11-18
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code.
This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-11-18
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.
CVSS Score
2.6
EPSS Score
0.0
Published
2025-04-15
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability
CVSS Score
7.5
EPSS Score
0.09
Published
2024-10-16
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
CVSS Score
4.8
EPSS Score
0.003
Published
2024-10-16
CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Known exploited
CVSS Score
8.6
EPSS Score
0.944
Published
2024-06-06
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
CVSS Score
5.7
EPSS Score
0.002
Published
2024-05-03
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.
CVSS Score
8.4
EPSS Score
0.003
Published
2024-04-17
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-12-06
Page 1