Solarwinds

Serv-u

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-40541

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 24.02.2026 07:41:49
  • Zuletzt bearbeitet 24.02.2026 17:56:16

An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows d...

7.2

CVE-2025-40540

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 24.02.2026 07:41:17
  • Zuletzt bearbeitet 24.02.2026 17:54:39

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the ris...

7.2

CVE-2025-40539

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 24.02.2026 07:40:46
  • Zuletzt bearbeitet 24.02.2026 17:53:38

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the ris...

7.2

CVE-2025-40538

Medienbericht
  • EPSS 0.04%
  • Veröffentlicht 24.02.2026 07:40:12
  • Zuletzt bearbeitet 24.02.2026 17:51:27

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue ...

9.1

CVE-2025-40549

  • EPSS 0.24%
  • Veröffentlicht 18.11.2025 08:41:24
  • Zuletzt bearbeitet 02.12.2025 16:37:16

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows s...

9.1

CVE-2025-40548

  • EPSS 0.06%
  • Veröffentlicht 18.11.2025 08:38:19
  • Zuletzt bearbeitet 02.12.2025 16:36:36

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored ...

9.1

CVE-2025-40547

  • EPSS 0.17%
  • Veröffentlicht 18.11.2025 08:35:03
  • Zuletzt bearbeitet 02.12.2025 16:36:27

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is sco...

5.4

CVE-2024-45712

  • EPSS 0.09%
  • Veröffentlicht 15.04.2025 08:39:23
  • Zuletzt bearbeitet 18.11.2025 21:45:38

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

8.8

CVE-2024-45711

  • EPSS 8.9%
  • Veröffentlicht 16.10.2024 08:15:06
  • Zuletzt bearbeitet 17.10.2024 20:17:29

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when softwar...

4.1

CVE-2024-45714

  • EPSS 0.28%
  • Veröffentlicht 16.10.2024 08:15:06
  • Zuletzt bearbeitet 30.10.2024 20:33:59

Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.