SolarWinds Serv-U Directory Traversal Vulnerability

CVE-2024-45711

8.8HIGH

Key Information

Vendor: SolarWinds
Status: Serv-u
Vendor: CVE Published:; 16 October 2024

Summary

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 16, 2024

Collectors

NVD Database