Serv-U Server Security Vulnerabilities
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to...
7.5CVSS
7.4AI Score
0.001EPSS
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation...
5.4CVSS
5.4AI Score
0.001EPSS
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix...
7.5CVSS
7.3AI Score
0.058EPSS
8.8CVSS
8.7AI Score
0.001EPSS
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code...
8.8CVSS
9AI Score
0.006EPSS
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and...
6.5CVSS
6.8AI Score
0.006EPSS
5.4CVSS
6.5AI Score
0.002EPSS
SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and...
6.1CVSS
7.4AI Score
0.001EPSS
SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated by Tenable Scan, aka Case Number...
6.1CVSS
6.5AI Score
0.001EPSS
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number...
7.5CVSS
7.4AI Score
0.002EPSS
SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP...
7.5CVSS
7AI Score
0.002EPSS