๐Ÿ” CVE Alert

CVE-2024-28995

HIGH 8.6 โš ๏ธ CISA KEV

SolarWinds Serv-U L Directory Transversal Vulnerability

CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.

CWE CWE-22
Vendor solarwinds
Product solarwinds serv-u
Published Jun 6, 2024
Last Updated Oct 21, 2025
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for solarwinds solarwinds serv-u

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-28995.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

SolarWinds / SolarWinds Serv-U
15.4.2 HF 1 and previous versions

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
solarwinds.com: https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28995 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28995

Credits

Hussein Daher