What is it?
SolarWinds Serv-U provides Managed File Transfer over HTTP. Versions 15.4.2 HF 1 and earlier contain a programming error that makes the server vulnerable to “directory traversal” attacks (tracked as CVE-2024-28995).
Why is it a risk?
Directory traversal (aka “path traversal”) vulnerabilities allow attackers to access directories and files outside the server’s root directory.
How can you mitigate the risk?
SolarWinds released Serv-U 15.4.2 Hotfix 2, which is suitable for both Windows and Linux.
Admins are advised to update their Serv-U instances as soon as possible.
The SolarWinds Security Advisory linked below includes a link to download the Hotfix.
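To find which instances still need the Hotfix, an inventory can be checked against the version boundary stated above. The following is an added example, not SolarWinds code; the version-string shapes it accepts and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed release per the advisory text above: Serv-U 15.4.2 Hotfix 2.
FIXED = ((15, 4, 2), 2)

# Assumed string shapes: "15.4.2", "15.4.2 HF 1", "Serv-U 15.4.2 Hotfix 2".
# Anything else (e.g. a four-part build number) is treated as unknown
# rather than guessed at.
_VERSION_RE = re.compile(
    r"(?:Serv-U\s+)?(\d+)\.(\d+)\.(\d+)(?:\s*(?:HF|Hotfix)\s*(\d+))?",
    re.IGNORECASE,
)


def parse_version(text):
    """Return ((major, minor, patch), hotfix) or None if unparseable."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        return None
    base = tuple(int(x) for x in m.group(1, 2, 3))
    hotfix = int(m.group(4)) if m.group(4) else 0
    return base, hotfix


def is_vulnerable(text):
    """True if older than the fixed release, False if not, None if unknown."""
    parsed = parse_version(text)
    return None if parsed is None else parsed < FIXED


def triage(inventory):
    """Map each host to 'PATCH', 'ok', or 'CHECK MANUALLY'."""
    labels = {True: "PATCH", False: "ok", None: "CHECK MANUALLY"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and strings are illustrative).
SAMPLE_INVENTORY = {
    "ftp-01.example.internal": "Serv-U 15.4.2 HF 1",
    "ftp-02.example.internal": "15.4.2 Hotfix 2",
    "ftp-03.example.internal": "15.3.1",
    "ftp-04.example.internal": "15.4.2",
    "ftp-05.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:28} {SAMPLE_INVENTORY[host]:22} {status}")
```

Hosts reported as CHECK MANUALLY should have their version confirmed in the Serv-U console before being treated as patched.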
Resources:
SolarWinds Security Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995