CVE-2023-23841

HIGH 7.5

SolarWinds Serv-U Exposure of Sensitive Information Vulnerability

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data.

CWE	CWE-319
Vendor	solarwinds
Product	servu
Published	Jun 15, 2023
Last Updated	Dec 12, 2024

Stay Ahead of the Next One

Get instant alerts for solarwinds servu

Be the first to know when new high vulnerabilities affecting solarwinds servu are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

SolarWinds / ServU

previous versions ≤ 15.3.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

solarwinds.com: https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841 documentation.solarwinds.com: https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm