Описание
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 15.1.5 (включая)
Одно из
cpe:2.3:a:solarwinds:serv-u_managed_file_transfer:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:serv-u_managed_file_transfer:15.1.6:-:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00627
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
EPSS
Процентиль: 70%
0.00627
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352