SolarWinds Security Updates 18 December 2022

SolarWinds has released security updates to fix multiple vulnerabilities in the Serv-U FTP server.

The addressed vulnerabilities could allow a remote attacker to gain access to, or cause a denial of service on, the affected systems.

Sample of the addressed vulnerabilities:

1. Cross-Site Scripting Vulnerability in Serv-U Web Client (CVE-2022-38106):

• CVSS: 7.5

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: High

• User Interaction: Required

• Consequences: Cross-Site Scripting

2. X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786):

• CVSS: 7.5

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: None

• Consequences: Denial of Service

Affected Products:

• Serv-U 15.3.0.

• Serv-U 15.3.1.

Vulnerabilities

• CVE-2022-38106

• CVE-2022-3786

• CVE-2022-3602

• CVE-2021-35252

Mitigations

Enterprises should deploy this patch as soon as their testing phase is completed.

References

SolarWinds Security Advisory