Lucene search

[email protected]NVD:CVE-2022-38106

HistoryDec 16, 2022 - 4:15 p.m.

CVE-2022-38106

2022-12-1616:15:22

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

serv-u

directory creation

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.0%

JSON

This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.

Affected configurations

Nvd

Node

solarwindsserv-uMatch15.3.0

solarwindsserv-uMatch15.3.1

VendorProductVersionCPE
solarwindsserv-u15.3.0cpe:2.3:a:solarwinds:serv-u:15.3.0:*:*:*:*:*:*:*
solarwindsserv-u15.3.1cpe:2.3:a:solarwinds:serv-u:15.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
solarwinds	serv-u	15.3.0	cpe:2.3:a:solarwinds:serv-u:15.3.0:::::::*
solarwinds	serv-u	15.3.1	cpe:2.3:a:solarwinds:serv-u:15.3.1:::::::*

References

cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106

documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106