PT-2018-9778 · Solarwinds · Serv-U Mft

Published

2018-05-16

·

Updated

2018-06-25

·

CVE-2018-10240

CVSS v3.1

7.3

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: SolarWinds Serv-U MFT versions prior to 15.1.6 HFv1
Description: The issue allows an attacker to brute-force a low-entropy session token assigned to authenticated users. This token can be used in requests as a URL parameter instead of a session cookie, potentially leading to session hijacking.
Recommendations: For versions prior to 15.1.6 HFv1, update to version 15.1.6 HFv1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on session cookies to minimize the risk of exploitation.
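Defenders who cannot update immediately can still watch for the pattern the description implies: a single client presenting many different session-token values as a URL parameter in a short time, which is what a brute-force of a low-entropy token looks like in access logs. The script below is an added example, not code from the advisory or from SolarWinds; the log format, the query-parameter name `Session` and the sample log lines are all constructed assumptions, so adjust them to what your own server actually emits.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# ASSUMPTION: the token is sent in a query parameter named "Session";
# replace with the parameter name observed in real Serv-U traffic.
TOKEN_PARAM = "Session"
# Combined-style access log: "<ip> - - [<ts>] "<method> <url> HTTP/x" ..."
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) (?P<url>\S+) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, timestamp, token) or None if the request carries no token."""
    m = LOG_RE.match(line)
    if not m:
        return None
    qs = parse_qs(urlsplit(m.group("url")).query)
    if TOKEN_PARAM not in qs:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), qs[TOKEN_PARAM][0]

def find_token_guessing(lines, max_distinct=5, window=timedelta(minutes=1)):
    """Flag clients that present more than max_distinct different token values
    inside any sliding time window; a real user holds one token per session.
    Returns {client_ip: highest distinct-token count seen in a window}."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, token = parsed
            events[ip].append((ts, token))
    flagged = {}
    for ip, ev in events.items():
        ev.sort()
        start = 0
        for end in range(len(ev)):
            while ev[end][0] - ev[start][0] > window:
                start += 1
            distinct = {tok for _, tok in ev[start:end + 1]}
            if len(distinct) > max_distinct:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged

# Constructed sample: one client cycling through 8 token values in 8 seconds
# (all rejected with 403), one legitimate client reusing a single token.
SAMPLE_LOG = [
    f'203.0.113.7 - - [16/May/2018:10:00:{i:02d} +0000] "GET /app/?{TOKEN_PARAM}={100000 + i} HTTP/1.1" 403 120'
    for i in range(8)
] + [
    f'198.51.100.4 - - [16/May/2018:10:00:{i:02d} +0000] "GET /app/?{TOKEN_PARAM}=734591 HTTP/1.1" 200 512'
    for i in range(3)
]

if __name__ == "__main__":
    print(find_token_guessing(SAMPLE_LOG))
```

Tune `max_distinct` and `window` to your own traffic; a web client that legitimately re-authenticates will rotate tokens, but not dozens of times per minute.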

Fix


Weakness Enumeration

Related Identifiers

CVE-2018-10240

Affected Products

Serv-U Mft