Arbitrary File Overwrite Vulnerability (CVE-2024-28072)

Summary

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

Affected Products

  • Serv-U 15.4.2 and previous versions

Fixed Software Release

  • Serv-U 15.4.2 Hotfix 1

Acknowledgments

  • Alexander Skovsende at the Institute for Cyber Risk

Advisory Details

Severity

5.7 Medium

Advisory ID

First Published

05/03/2024

Fixed Version

Serv-U 15.4.2 Hotfix 1