5.7
CVE-2024-28072
- EPSS 0.64%
- Veröffentlicht 03.05.2024 08:15:07
- Zuletzt bearbeitet 25.02.2025 17:12:45
- Quelle psirt@solarwinds.com
- CVE-Watchlists
- Unerledigt
LoginArbitrary File Overwrite Vulnerability
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Solarwinds ≫ Serv-u Version < 15.4.2
Solarwinds ≫ Serv-u Version15.4.2 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.457 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
| psirt@solarwinds.com | 5.7 | 0.9 | 4.7 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28072