Authenticated Directory Traversal Vulnerability in SolarWinds Serv-U
CVE-2020-27994

6.5MEDIUM

Key Information:

Vendor
Solarwinds
Status
Serv-u
Vendor
CVE Published:
3 February 2021

Summary

The vulnerability in SolarWinds Serv-U, present in versions prior to 15.2.2, allows authenticated users to exploit directory traversal attacks. This could enable attackers to access sensitive files and directories outside of the intended scope, potentially compromising the integrity of stored data. Administrators are advised to update their Serv-U installations to mitigate this risk.

References

https://www.themissinglink.com.au/security-advisories-cve...
x_refsource_MISC
https://documentation.solarwinds.com/en/success_center/se...
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Feb/36
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.