CVE-2024-45712

Description

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SolarWinds / Serv-UServ-U 15.5 and previous versions – Serv-U 15.5 and previous versions

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45712
MISChttps://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-5-1_release_notes.htm