CVE-2024-28995 - SolarWinds Serv-U Path Traversal Vulnerability
Project:SolarWinds
Product:Serv-U
Date Added:2024-07-17Due Date:2024-08-07
Vulnerability Name
SolarWinds Serv-U Path Traversal Vulnerability
Description
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995
https://nvd.nist.gov/vuln/detail/CVE-2024-28995
Related News Articles
SolarWinds Patches 8 Critical Flaws in Access Rights Manager SoftwareJuly 19, 2024
SolarWinds Patches 11 Critical Flaws in Access Rights Manager SoftwareJuly 19, 2024
SolarWinds Serv-U Vulnerability Under Active Attack - Patch ImmediatelyJune 21, 2024
Cisco Warns of Critical Flaw Affecting On-Prem Smart Software ManagerJuly 18, 2024
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)June 8, 2024
