PT-2024-31733 · Solarwinds · Serv-U
Published
2024-09-04
·
Updated
2025-12-30
·
CVE-2024-45711
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
SolarWinds Serv-U (affected versions not specified)
Description:
The issue is a directory traversal vulnerability where remote code execution is possible depending on the privileges given to the authenticated user. This problem requires the user to be authenticated, and it occurs when the software environment variables are abused. Authentication is required for this vulnerability. There are approximately 2598 IPs found to be likely vulnerable to this issue, with the top location being the US.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Serv-U