Reflected Cross-Site Scripting in SolarWinds Serv-U FTP Server
CVE-2018-19934

4.8MEDIUM

Key Information:

Vendor

Solarwinds
Status
Serv-u Ftp Server
Vendor
CVE Published:
21 March 2019

What is CVE-2018-19934?

The SolarWinds Serv-U FTP Server version 15.1.6.25 is susceptible to a reflected cross-site scripting vulnerability. This occurs within the web management interface, allowing an attacker to exploit URL paths and HTTP POST parameters, potentially leading to unauthorized actions and data exposure. It is crucial for users to remain aware of this security flaw and apply necessary patches or mitigations as outlined in security advisories.

References

http://packetstormsecurity.com/files/151474/SolarWinds-Se...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Feb/5
x_refsource_MISC
https://www.themissinglink.com.au/security-advisories-cve...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.