8.6
CVE-2024-28995
- EPSS 94.37%
- Published 06.06.2024 09:15:14
- Last modified 26.02.2026 15:04:20
- Source psirt@solarwinds.com
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
Data provided by the National Vulnerability Database (NVD)
Solarwinds ≫ Serv-u Version < 15.4.2
Solarwinds ≫ Serv-u Version 15.4.2 Update -
Solarwinds ≫ Serv-u Version 15.4.2 Update hotfix1
17.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: SolarWinds Serv-U Path Traversal Vulnerability
- Description: SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.37% | 1 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| psirt@solarwinds.com | 8.6 | 3.9 | 4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.