SolarWinds has released patches for three critical vulnerabilities in its Serv-U enterprise file transfer solution, addressing issues that could allow attackers with admin privileges to execute arbitrary code. These vulnerabilities are actively tracked and have been exploited or are at risk of exploitation by threat actors. #SolarWinds #ServU #CVE202540549 #CISA
Keypoints
- SolarWinds issued patches for three critical flaws in its Serv-U version 15.5.3.
- The vulnerabilities include a path restriction bypass, broken access control, and a logic error.
- All three flaws could lead to remote code execution with administrator privileges.
- The vulnerabilities are medium severity on Windows systems but pose a significant security risk.
- These vulnerabilities are part of a broader set of exploited SolarWinds flaws listed in the CISA KEV catalog.
Read More: https://www.securityweek.com/solarwinds-patches-three-critical-serv-u-vulnerabilities/