Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds serv-u vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2018-10241
A denial of service vulnerability in SolarWinds Serv-U prior to 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.
Solarwinds Serv-u
445
VMScore
CVE-2018-10240
SolarWinds Serv-U MFT prior to 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an malicious user to obtai...
Solarwinds Serv-u
578
VMScore
CVE-2021-35223
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
Solarwinds Serv-u
605
VMScore
CVE-2021-35242
Serv-U server responds with valid CSRFToken when the request contains only Session.
Solarwinds Serv-u
446
VMScore
CVE-2021-35247
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignor...
Solarwinds Serv-u
356
VMScore
CVE-2021-35249
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a...
Solarwinds Serv-u
NA
CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.
Solarwinds Serv-u
NA
CVE-2023-23841
SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data.
Solarwinds Serv-u
312
VMScore
CVE-2021-32604
Share/IncomingWizard.htm in SolarWinds Serv-U prior to 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."
Solarwinds Serv-u
445
VMScore
CVE-2021-3154
An issue exists in SolarWinds Serv-U prior to 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
Solarwinds Serv-u
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »