Arbitrary File Overwrite Vulnerability in Log Output

CVE-2024-28072
5.7 MEDIUM

Key Information

Vendor
SolarWinds
Status
Serv-U
Vendor
CVE Published:
3 May 2024

Summary

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

Affected Version(s)

Serv-U <= 15.4.2 and Previous Versions

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published.

Collectors

NVD Database, Mitre Database

Credit

Alexander Skovsende at the Institute for Cyber Risk.