CVE-2024-28995 is a vulnerability in SolarWinds Serv-U
Published on June 6, 2024

SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.

Known Exploited Vulnerability

This SolarWinds Serv-U Path Traversal Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker to read sensitive files on the host machine.

The following remediation steps are recommended / required by August 7, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2024-28995 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity or availability.


Products Associated with CVE-2024-28995

What versions of Serv-U are vulnerable to CVE-2024-28995?