CVE-2024-45711

SolarWinds Serv-U is vulnerable  to a directory traversal  vulnerability where remote code execution is possible depending on privileges given to the authenticated user.  This issue requires a user to be authenticated and this is present when software environment variables are abused. Authentication is required for this vulnerability
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
SolarWindsCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
solarwindsserv-u
𝑥
< 15.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711