Lucene search
K
SolarwindsServ-u

40 matches found

CVE
CVE
added 2021/07/14 8:55 p.m.1246 views

CVE-2021-35211

CVE-2021-35211 affects SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows prior to 15.2.3 HF2. The connected PoC exploit documents an out-of-bounds write path leading to remote code execution, with targets around Serv-U version 15.2.3 (examples cite 15.2.3.717). Exploitatio...

10CVSS9.6AI score0.9116EPSS
In wild
CVE
CVE
added 2022/01/07 10:39 p.m.1053 views

CVE-2021-35247

CVE-2021-35247 affects SolarWinds Serv-U where the LDAP authentication input validator improperly sanitized characters in the web login interface. Public documentation from SolarWinds notes that versions up to 15.2.5 were affected and fixed in 15.3; SolarWinds recommends updating Serv-U to the la...

5.3CVSS6.6AI score0.03359EPSS
In wild
CVE
CVE
added 2024/06/06 9:1 a.m.426 views

CVE-2024-28995

CVE-2024-28995 is a directory traversal vulnerability in SolarWinds Serv-U that allows unauthenticated attackers to read sensitive host files. The flaw affects Serv-U and can be triggered via crafted directory/file paths (e.g., using InternalDir/InternalFile payloads) to access local logs and sys...

8.6CVSS5.8AI score0.99614EPSS
In wildWeb
CVE
CVE
added 2021/02/03 4:59 p.m.281 views

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, a directory containing user profile files (including password hashes) is world-readable/writable. An unprivileged Windows user with filesystem access can copy a valid profile to that directory to create an FTP user, potentially gaining read/replace acc...

7.1CVSS8.2AI score0.00468EPSS
CVE
CVE
added 2026/06/04 2:5 p.m.167 views

CVE-2026-28318

SolarWinds Serv-U is affected by an unauthenticated Denial of Service vulnerability triggered by specially crafted POST requests with Content-Encoding: deflate. The issue can crash the Serv-U service, with exploitation observed in reports and advisories. SolarWinds has released a hotfix and mitig...

7.5CVSS5.8AI score0.10659EPSS
In wildWeb
CVE
CVE
added 2022/04/25 7:47 p.m.140 views

CVE-2021-35250

Summary (CVE-2021-35250): SolarWinds Serv-U 15.3 is affected by a directory traversal/local file inclusion vulnerability. The issue enables an attacker to access files related to the Serv-U installation and server files, potentially exposing sensitive information. The root cause is a path travers...

7.5CVSS7.4AI score0.14656EPSS
In wild
CVE
CVE
added 2022/12/16 12:0 a.m.115 views

CVE-2021-35252

The CVE-2021-35252 case covers SolarWinds Serv-U FTP Server where a common encryption key is used across all deployed instances, enabling plaintext recovery of an encrypted value exposed to an attacker. Public documents indicate affected software versions include Serv-U prior to 15.3.0 (per Nessu...

7.5CVSS7.5AI score0.00524EPSS
CVE
CVE
added 2018/05/16 2:0 p.m.85 views

CVE-2018-10241

CVE-2018-10241 describes a denial-of-service in SolarWinds Serv-U prior to 15.1.6 HFv1. An authenticated user can crash the application via a specially crafted URL beginning with the /Web%20Client/ path. Root cause: a NULL pointer dereference. Affected product: SolarWinds Serv-U FTP server softwa...

6.5CVSS6.2AI score0.01704EPSS
CVE
CVE
added 2021/05/11 10:16 p.m.85 views

CVE-2021-32604

SolarWinds Serv-U is affected by a cross-site scripting (XSS) vulnerability in Share/IncomingWizard.htm, caused by improper handling of the SenderEmail parameter. Affected version: Serv-U

5.4CVSS5.5AI score0.0172EPSS
Web
CVE
CVE
added 2024/10/16 7:27 a.m.84 views

CVE-2024-45711

CVE-2024-45711 affects SolarWinds Serv-U FTP Server. The vulnerability is a directory traversal that can lead to remote code execution when an authenticated user abuses environment variables. Authentication is required, and impact is conditioned on privileges granted to the user. Several connecte...

8.8CVSS8.2AI score0.06328EPSS
CVE
CVE
added 2021/05/04 1:2 p.m.83 views

CVE-2021-3154

Technical details about CVE-2021-3154 are not publicly provided in the supplied documents. The connected EU, RH, NVD entries only reiterate unauthenticated macro injection against SolarWinds Serv-U prior to 15.2.2. Monitor for updates.

7.5CVSS8.5AI score0.01239EPSS
CVE
CVE
added 2022/05/17 7:44 p.m.83 views

CVE-2021-35249

CVE-2021-35249 concerns SolarWinds Serv-U FTP Server. Connected sources confirm a broken access control vulnerability in Serv-U versions prior to 15.3.1 where a domain admin can read configuration and user data across other domains they should not access. The issue is read-only from the attacker’...

4.3CVSS4.5AI score0.00687EPSS
CVE
CVE
added 2025/04/15 8:39 a.m.83 views

CVE-2024-45712

CVE-2024-45712 affects SolarWinds Serv-U. The vulnerability is a client-side cross-site scripting (XSS) issue that can be exploited only by an authenticated user from the local browser session. The documented risk is described as very low. Affected guidance indicates versions prior to 15.5.1 are ...

5.4CVSS3.4AI score0.00328EPSS
CVE
CVE
added 2024/05/03 7:50 a.m.82 views

CVE-2024-28072

SolarWinds Serv-U FTP Server is affected by CVE-2024-28072: a highly privileged account can overwrite arbitrary files via log output due to unsanitized log file path tags. Affected versions include 15.4.0–15.4.2 (HF1). Remediation: upgrade to 15.4.3 or apply 15.4.2 HF1 where available.

5.7CVSS6.9AI score0.00638EPSS
CVE
CVE
added 2024/04/17 4:58 p.m.79 views

CVE-2024-28073

CVE-2024-28073 affects SolarWinds Serv-U File Server. Multiple sources confirm a Directory Traversal Remote Code Execution vulnerability that requires a highly privileged account to exploit. The issue is associated with versions prior to 15.4.2 (e.g., Serv-U 15.4.1.x and earlier) and can lead to ...

8.4CVSS7AI score0.0112EPSS
CVE
CVE
added 2018/05/16 2:0 p.m.77 views

CVE-2018-10240

SolarWinds Serv-U MFT before 15.1.6 HFv1 uses low-entropy session tokens assigned to authenticated users, which can be included as a URL parameter in lieu of a session cookie. An attacker can brute-force the token to obtain the corresponding session cookie and hijack the user’s session. Reported ...

7.3CVSS6.9AI score0.01065EPSS
CVE
CVE
added 2021/08/31 4:0 p.m.68 views

CVE-2021-35223

The CVE-2021-35223 vulnerability affects SolarWinds Serv-U File Server, specifically the Execute Command function that allows examining events (e.g., login failures) and passing parameters as user string variables, enabling remote code execution. The issue is tied to a remote, network-exposed vec...

8.8CVSS9.1AI score0.02939EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.68 views

CVE-2022-38106

SolarWinds Serv-U Web Client (remote) 15.3.0–15.3.1 is affected by a cross-site scripting vulnerability in the directory creation function. Root cause details vary by source, but public documents consistently identify the web client as the affected surface and note an XSS risk. A fix is available...

5.4CVSS5.7AI score0.0069EPSS
CVE
CVE
added 2024/10/16 7:26 a.m.67 views

CVE-2024-45714

CVE-2024-45714 refers to a Cross-Site Scripting (XSS) vulnerability in SolarWinds Serv-U. Connected sources indicate an authenticated user can modify a variable with a payload, potentially allowing browser-execution or data exposure within the victim’s context. Affected context is SolarWinds Serv...

4.8CVSS4.7AI score0.00825EPSS
CVE
CVE
added 2021/02/03 3:51 p.m.65 views

CVE-2020-27994

CVE-2020-27994 affects SolarWinds Serv-U FTP Server prior to 15.2.2. It is an authenticated directory traversal vulnerability in which the server does not validate path information correctly, allowing a logged-in user to read files outside the user’s home directory via a crafted HTTP GET request....

6.5CVSS6.5AI score0.03926EPSS
Web
CVE
CVE
added 2021/02/03 3:47 p.m.64 views

CVE-2020-35481

Affected software: SolarWinds Serv-U before version 15.2.2. Issue: Unauthenticated Macro Injection leading to high-impact outcomes (confidentiality, integrity, and availability) per CVSS metrics (CVSS‑3.1: CRITICAL, 9.8). Root cause and exact exploit path are not detailed in the supplied document...

9.8CVSS7.6AI score0.013EPSS
CVE
CVE
added 2023/12/06 3:23 a.m.64 views

CVE-2023-40053

The affected product is SolarWinds Serv-U 15.4. A vulnerability in the file share function allows an authenticated actor to insert content, potentially enabling malicious use. CVSS v3.1 base score 5.0 (Medium) with network access, low attack complexity, low privileges required, and changed scope....

5CVSS5AI score0.00833EPSS
CVE
CVE
added 2021/12/06 4:53 p.m.62 views

CVE-2021-35242

CVE-2021-35242 affects SolarWinds Serv-U: the vulnerability arises because the Serv-U server responds with a valid CSRF token even when a request contains only a Session, enabling CSRF-like abuse. The public records show CVSS data indicating network attack vector with high impact on confidentiali...

8.8CVSS8.7AI score0.00731EPSS
CVE
CVE
added 2020/07/07 1:14 p.m.56 views

CVE-2020-15574

CVE-2020-15574 affects SolarWinds Serv-U File Server prior to 15.2.1. The root cause is mishandling of the Same-Site cookie attribute, leading to potential exposure of sensitive information via crafted requests. Multiple sources (NVD, Red Hat advisory, CNVD) confirm the same issue and reference t...

7.5CVSS7.5AI score0.01522EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.56 views

CVE-2023-23841

SolarWinds Serv-U exposes sensitive information via an HTTP request when updating File Share/File request attributes. Part of the request URL leaks data. Affected product: SolarWinds Serv‑U File Server (versions prior to 15.4 per vendor advisory). CVSSv3.1 base score 7.5 (HIGH) with NETWORK reach...

7.5CVSS7.4AI score0.00455EPSS
CVE
CVE
added 2023/09/07 3:57 p.m.56 views

CVE-2023-40060

Summary: CVE-2023-40060 affects SolarWinds Serv-U 15.4 and 15.4 Hotfix 1, allowing an administrator-level attacker to bypass MFA/MFA. The issue was not fully resolved by 15.4 Hotfix 1. Affected software & cause: Serv-U FTP Server (15.4 and 15.4 Hotfix 1). The root cause is an authentication bypas...

7.2CVSS6.9AI score0.00872EPSS
CVE
CVE
added 2020/07/07 1:14 p.m.54 views

CVE-2020-15575

SolarWinds Serv-U File Server before 15.2.1 is affected by a Cross‑Site Scripting (XSS) vulnerability. The root cause is a lack of proper validation of client‑side data by the WEB application, enabling XSS as noted by Tenable Scan (Case 00484194). Affected product/version: SolarWinds Serv-U File ...

6.1CVSS6AI score0.01505EPSS
CVE
CVE
added 2021/02/03 3:53 p.m.54 views

CVE-2020-28001

The CVE-2020-28001 issue affects SolarWinds Serv-U FTP Server (before 15.2.2). The vulnerability arises from improper sanitization/validation of user-supplied directory names in the web application, enabling an authenticated Stored XSS when a crafted directory name is processed (and potentially t...

5.4CVSS5.5AI score0.03789EPSS
CVE
CVE
added 2021/12/06 4:52 p.m.54 views

CVE-2021-35245

CVE-2021-35245 affects SolarWinds Serv-U: when a user has admin rights in the Serv-U Console, they can move, create, and delete files accessible on the Serv-U host machine. The Nessus plugin for SolarWinds Serv-U 15.2.4

8.4CVSS7.1AI score0.01166EPSS
CVE
CVE
added 2020/07/07 1:13 p.m.53 views

CVE-2020-15576

CVE-2020-15576 affects SolarWinds Serv-U File Server prior to version 15.2.1. The vulnerability enables information disclosure via an HTTP response. The vulnerability is documented across multiple sources (including Red Hat and CNVD/CVE records) confirming the affected product as SolarWinds Serv-...

7.5CVSS7.2AI score0.01548EPSS
CVE
CVE
added 2021/02/03 3:49 p.m.53 views

CVE-2020-35482

CVE-2020-35482 affects SolarWinds Serv-U FTP Server before v15.2.2, where an authenticated user can trigger a reflected Cross-Site Scripting (XSS) vulnerability in the web context. The vulnerability is linked to SolarWinds Serv-U 15.2.2 release notes as the fix/upgrade path. Connected sources cor...

5.4CVSS5.5AI score0.01523EPSS
CVE
CVE
added 2020/07/07 1:15 p.m.47 views

CVE-2020-15573

SolarWinds Serv-U File Server prior to version 15.2.1 is affected by a cross-site scripting (XSS) vulnerability (Case Numbers 00041778 and 00306421). The root cause is the WEB application not adequately validating client-side data, enabling a potentially malicious script to be executed in a user’...

6.1CVSS6.3AI score0.01505EPSS
CVE
CVE
added 2023/08/10 11:14 p.m.43 views

CVE-2023-35179

SolarWinds Serv-U 15.4 (including Hotfixes HF1/HF2) contains an authentication bypass vulnerability that enables an administrator with access to bypass multi-factor authentication. The CVE describes a MFA bypass with high impact on confidentiality, integrity, and availability. The documents provi...

7.2CVSS6.9AI score0.00918EPSS
CVE
CVE
added 2026/02/24 7:40 a.m.33 views

CVE-2025-40538

CVE-2025-40538 affects SolarWinds Serv-U; it describes a broken access control vulnerability that, if abused, enables a malicious actor with domain/admin privileges to create a system administrator account and execute arbitrary code with privileged access. Impact per sources: high/critical across...

9.1CVSS6AI score0.00496EPSS
CVE
CVE
added 2026/02/24 7:41 a.m.27 views

CVE-2025-40540

CVE-2025-40540 describes a type-confusion vulnerability in SolarWinds Serv-U that enables arbitrary native code execution with privileged account context when exploited. Affected software is Serv-U; the underlying issue is a type confusion in the product’s code path that can be triggered over the...

9.1CVSS6AI score0.00445EPSS
CVE
CVE
added 2026/02/24 7:41 a.m.26 views

CVE-2025-40541

The CVE-2025-40541 entry describes an Insecure Direct Object Reference (IDOR) vulnerability in SolarWinds Serv-U. The issue allows an attacker to execute native code as a privileged account, requiring administrative privileges to exploit. On Windows deployments, risk is noted as medium because se...

9.1CVSS5.7AI score0.0057EPSS
CVE
CVE
added 2026/02/24 7:40 a.m.23 views

CVE-2025-40539

CVE-2025-40539 describes a type confusion vulnerability in SolarWinds Serv-U. The issue allows an attacker to execute arbitrary native code with privileged account privileges, requiring administrative privileges to exploit. The risk can be high in practice, and on Windows deployments the impact i...

9.1CVSS6AI score0.00445EPSS
CVE
CVE
added 2025/11/18 8:38 a.m.21 views

CVE-2025-40548

SolarWinds Serv-U is affected by a set of flaws (CVE-2025-40547, -40548, -40549) stemming from a missing validation that could allow an attacker with admin privileges to execute code. Several connected sources indicate Serv-U versions prior to 15.5.3 (and specifically 15.5.2 and earlier per PT-20...

9.1CVSS6.6AI score0.00659EPSS
CVE
CVE
added 2025/11/18 8:35 a.m.19 views

CVE-2025-40547

CVE-2025-40547 is a logic-error vulnerability in SolarWinds Serv-U FTP Server (≤ 15.5.2) that allows an authenticated administrator to execute code on the underlying Windows host via the vulnerable admin interface. Public exploit details indicate the issue exists in the Admin/ConfigUpload.aspx fl...

9.1CVSS6.6AI score0.00836EPSS
Web
CVE
CVE
added 2025/11/18 8:41 a.m.16 views

CVE-2025-40549

SolarWinds Serv-U is affected by a Path Restriction Bypass vulnerability (CVE-2025-40549). Reports in multiple sources indicate that an attacker with administrative privileges could bypass directory restrictions and execute code on a directory, effectively enabling remote code execution. The issu...

9.1CVSS7AI score0.01006EPSS