Arbitrary File Overwrite Vulnerability
(CVE-2024-28072)
Summary
A highly privileged account can overwrite arbitrary files on the system with log output, because the log file path tags were not sanitized properly.
Affected Products
- Serv-U 15.4.2 and previous versions
Fixed Software Release
- Serv-U 15.4.2 Hotfix 1
Acknowledgments
Alexander Skovsende at the Institute for Cyber Risk
Advisory Details
- Severity: 5.7 Medium
- Advisory ID:
- First Published: 05/03/2024
- Fixed Version: Serv-U 15.4.2 Hotfix 1