CVE-2023-40060

Name of the Vulnerable Software and Affected Versions Serv-U versions 15.4 through 15.4 Hotfix 1

Description A vulnerability has been identified that allows an actor to bypass multi-factor/two-factor authentication if exploited. The actor must have administrator-level access to Serv-U to perform this action. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1.

Recommendations For Serv-U versions 15.4 through 15.4 Hotfix 1, consider restricting access to the system until a patch is available, as the issue allows an actor to bypass multi-factor/two-factor authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.