Arbitrary File Overwrite Vulnerability

(CVE-2024-28072)

Summary

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

Affected Products

Serv-U 15.4.2 and previous versions

Fixed Software Release

Serv-U 15.4.2 Hotfix 1

Acknowledgments

Alexander Skovsende at the Institute for Cyber Risk

Advisory Details

Severity

5.7 Medium

Advisory ID

First Published

05/03/2024

Fixed Version

Serv-U 15.4.2 Hotfix 1

CVSS Score

CVSS:AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L