SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability (CVE-2024-28073)

Summary

SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited.

Affected Products

SolarWinds Serv-U 15.4.1.128 and prior versions

Fixed Software Release

SolarWinds Serv-U 15.4.2

Acknowledgments

Alexander Skovsende at the Institut For Cyber Risk

Advisory Details

Severity

High

Advisory ID

CVE-2024-28073

First Published

04/17/2024

Last Updated

04/17/2024

Fixed Version

SolarWinds Serv-U 15.4.2

CVSS Score

CVSS:8.4AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Download PDF

Send an Email