Arbitrary File Overwrite Vulnerability (CVE-2024-28072)

Summary

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
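
An added illustration of the sanitization gap described above, not Serv-U's code or the vendor's fix: the `%NAME%` tag syntax, the function names and the log-root containment policy are all assumptions made for this example. It contrasts verbatim tag substitution with a version that validates each tag value and confirms the resolved path stays inside the log directory.

```python
import os
import re

# Hypothetical tag syntax: "%NAME%" placeholders inside a log path template.
TAG = re.compile(r"%([A-Z]+)%")
# A tag value may only be a single, plain path component.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]+")


class UnsafeLogPath(ValueError):
    """Raised when a log path would resolve outside the log directory."""


def expand_naive(template, tags):
    """Unsanitized behaviour: tag values are substituted verbatim."""
    return TAG.sub(lambda m: tags[m.group(1)], template)


def expand_checked(template, tags, log_root):
    """Expand tags, rejecting values or results that escape log_root."""
    def sub(match):
        value = tags[match.group(1)]
        # No separators, no drive letters, no "." or ".." components.
        if not SAFE_VALUE.fullmatch(value) or value in (".", ".."):
            raise UnsafeLogPath(
                f"tag {match.group(1)} has unsafe value {value!r}")
        return value

    root = os.path.realpath(log_root)
    candidate = os.path.realpath(os.path.join(root, TAG.sub(sub, template)))
    # Checking after normalisation also catches an absolute template,
    # a template containing "..", and symlinks that point elsewhere.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeLogPath(f"{candidate!r} is outside {root!r}")
    return candidate
```

The containment check runs on the fully resolved path, so it holds even when the template itself, rather than a tag value, is what points outside the log directory.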

Affected Products

  • Serv-U 15.4.2 and previous versions

Fixed Software Release

  • Serv-U 15.4.2 Hotfix 1

Acknowledgments

  • Alexander Skovsende at the Institute for Cyber Risk

Advisory Details

  • Severity: Medium
  • Advisory ID:
  • First Published: 05/03/2024
  • Fixed Version: Serv-U 15.4.2 Hotfix 1
  • CVSS Score: