CVE-2023-40053

Description

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Affected products

SolarWinds / Serv-U15.4 and previous versions – 15.4 and previous versions

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40053
MISChttps://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-4-1_release_notes.htm