Arbitrary File Overwrite Vulnerability in Log Output
CVE-2024-28072

4.9MEDIUM

Key Information:

Vendor

Solarwinds
Status
Serv-u
Vendor
CVE Published:
3 May 2024

What is CVE-2024-28072?

A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.

Affected Version(s)

Serv-U 15.4.2 and Previous Versions

References

https://www.solarwinds.com/trust-center/security-advisori...
https://solarwindscore.my.site.com/SuccessCenter/s/articl...

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Alexander Skovsende at the Institute for Cyber Risk
.
CVE-2024-28072 : Arbitrary File Overwrite Vulnerability in Log Output