CVE-2024-28995 is a vulnerability in SolarWinds Serv-U
Published on June 6, 2024
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
Known Exploited Vulnerability
This SolarWinds Serv-U Path Traversal Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
The following remediation steps are recommended / required by August 7, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-28995 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Products Associated with CVE-2024-28995
What versions of Serv-U are vulnerable to CVE-2024-28995?
- SolarWinds Serv-U Version 15.4.2
- SolarWinds Serv-U Version 15.4.2 hotfix1
- SolarWinds Serv-U Fixed in Version 15.4.2