Serv-u Security Vulnerabilities and Issues — Serv-u CVE List

Lucene search

SolarwindsServ-u

7 matches found

CVE•added 2022/01/10 2:10 p.m.•1001 views

CVE-2021-35247

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper charact...

5.3CVSS6.6AI score0.04983EPSS

CVE•added 2021/05/11 11:15 p.m.•65 views

CVE-2021-32604

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."

5.4CVSS5.5AI score0.00922EPSS

CVE•added 2024/05/03 8:15 a.m.•61 views

CVE-2024-28072

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

5.7CVSS6.9AI score0.00203EPSS

CVE•added 2022/12/16 4:15 p.m.•47 views

CVE-2022-38106

This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.

5.4CVSS5.4AI score0.00912EPSS

CVE•added 2023/12/06 4:15 a.m.•47 views

CVE-2023-40053

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.

5CVSS5AI score0.00056EPSS

CVE•added 2021/02/03 4:15 p.m.•36 views

CVE-2020-35482

SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS.

5.4CVSS5.5AI score0.04259EPSS

CVE•added 2021/02/03 4:15 p.m.•35 views

CVE-2020-28001

SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.

5.4CVSS5.5AI score0.0163EPSS