Arbitrary File Overwrite via Unsanitized Log Path Tags (CVE-2024-28072)
CVE-2024-28072 Published on May 3, 2024

Arbitrary File Overwrite Vulnerability
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

NVD

Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.


Products Associated with CVE-2024-28072


Affected Versions

SolarWinds Serv-U: solarwinds serv-u:

Exploit Probability

EPSS: 0.20%
Percentile: 42.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.