Lucene search
SolarWindsVULNRICHMENT:CVE-2022-38106HistoryDec 16, 2022 - 12:00 a.m.
CVE-2022-38106 Cross-Site Scripting Vulnerability in Serv-U Web Client
2022-12-1600:00:00
CWE-79
SolarWinds
github.com
5
cve-2022-38106
serv-u
web client
xss
vulnerability
directory creation.
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
CNA Affected
[
{
"vendor": "SolarWinds",
"product": "Serv-U File Server",
"versions": [
{
"status": "affected",
"version": "15.3.0"
}
],
"defaultStatus": "unaffected"
}
]Related
prion
prion
Design/Logic Flaw
2022-12-16 16:15:00
cve
cve
CVE-2022-38106
2022-12-16 16:15:22
nessus
nessus
SolarWinds Serv-U 15.3.0 < 15.3.2 (deprecated)
2022-11-23 00:00:00
cvelist
cvelist
CVE-2022-38106 Cross-Site Scripting Vulnerability in Serv-U Web Client
2022-12-16 00:00:00
nvd
nvd
CVE-2022-38106
2022-12-16 16:15:22
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2022-38106