vulnrichment / SolarWinds / VULNRICHMENT:CVE-2024-28995
Jun 06, 2024 - 9:01 a.m.

CVE-2024-28995 SolarWinds Serv-U Directory Transversal Vulnerability

2024-06-06 09:01:23
CWE-22
SolarWinds
github.com
solarwinds
serv-u
directory transversal
vulnerability
sensitive files

CVSS3: 8.6
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score: 6.6
Confidence: Low

EPSS: 0.959
Percentile: 99.5%

SSVC
Exploitation: active
Automatable: yes
Technical Impact: partial

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*"
    ],
    "vendor": "solarwinds",
    "product": "serv-u",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "15.4.2_hf_1"
      }
    ],
    "defaultStatus": "unknown"
  }
]
