Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds serv-u 15.2.2 vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2021-25276
In SolarWinds Serv-U prior to 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by co...
Solarwinds Serv-u
Solarwinds Serv-u 15.2.2
9.8
CVSSv3
CVE-2020-35481
SolarWinds Serv-U prior to 15.2.2 allows Unauthenticated Macro Injection.
Solarwinds Serv-u
5.4
CVSSv3
CVE-2020-35482
SolarWinds Serv-U prior to 15.2.2 allows authenticated reflected XSS.
Solarwinds Serv-u
7.5
CVSSv3
CVE-2021-3154
An issue exists in SolarWinds Serv-U prior to 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.
Solarwinds Serv-u
6.5
CVSSv3
CVE-2020-27994
SolarWinds Serv-U prior to 15.2.2 allows Authenticated Directory Traversal.
Solarwinds Serv-u
1 Github repository
5.4
CVSSv3
CVE-2020-28001
SolarWinds Serv-U prior to 15.2.2 allows Authenticated Stored XSS.
Solarwinds Serv-u
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started