CVE ID
CVE-2024-28995
Vulnerability Name
SolarWinds Serv-U Path Traversal Vulnerability
- Project: SolarWinds
- Product: Serv-U
Date
- Date Added: 2024-07-17
- Due Date: 2024-08-07
Description
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995; https://nvd.nist.gov/vuln/detail/CVE-2024-28995
Related Security News
- SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
- Critical SolarWinds Serv-U flaws offer root access to servers
- SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
- SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software
- SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately
- Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
- SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)
- SolarWinds Serv-U path-traversal flaw actively exploited in attacks
- SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)
Top comments (0)