Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds serv-u vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2018-10240
SolarWinds Serv-U MFT prior to 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an malicious user to obtai...
Solarwinds Serv-u
6.5
CVSSv3
CVE-2018-10241
A denial of service vulnerability in SolarWinds Serv-U prior to 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.
Solarwinds Serv-u
7.2
CVSSv3
CVE-2023-35179
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
Solarwinds Serv-u 15.4.0
7.5
CVSSv3
CVE-2021-35250
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
Solarwinds Serv-u 15.3
1 Github repository
5
CVSSv3
CVE-2023-40053
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.
Solarwinds Serv-u 15.4.0
7.2
CVSSv3
CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue wa...
Solarwinds Serv-u 15.4.0
9.8
CVSSv3
CVE-2020-15541
SolarWinds Serv-U FTP server prior to 15.2.1 allows remote command execution.
Solarwinds Serv-u Ftp Server
9.8
CVSSv3
CVE-2020-15542
SolarWinds Serv-U FTP server prior to 15.2.1 mishandles the CHMOD command.
Solarwinds Serv-u Ftp Server
9.8
CVSSv3
CVE-2020-15543
SolarWinds Serv-U FTP server prior to 15.2.1 does not validate an argument path.
Solarwinds Serv-u Ftp Server
6.5
CVSSv3
CVE-2019-13181
A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7.
Solarwinds Serv-u Ftp Server 15.1.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »