CVE-2024-28072
Severity CVSS v4.0:
Pending analysis
Type:
CWE-532
Information Exposure Through Log Files
Publication date:
03/05/2024
Last modified:
25/02/2025
Description
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
Impact
Base Score 3.x
5.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* | 15.4.2 (excluding) | |
| cpe:2.3:a:solarwinds:serv-u:15.4.2:-:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28072



