SolarWinds Serv-U Exposure of Sensitive Information Vulnerability (CVE-2023-23841)

Summary

SolarWinds Serv-U submits an HTTP request when changing or updating the File Share or File request attributes. When this occurs, part of the URL of the request discloses sensitive data.

Affected Products

Serv-U 15.3.2 and earlier

Fixed Software Release

Serv-U 15.4

Advisory Details

Severity

Medium

Advisory ID

CVE-2023-23841

First Published

05/17/2023

Last Published

05/17/2023

Fixed Version

Serv-U 15.4

CVSS Score

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Download PDF

Send an Email