CVE-2020-27994

Path traversal in Serv-U File Server by SolarWinds | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

SolarWinds Serv-U FTP server through 15.2.1 does not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.

Successful exploitation of this issue may allow an attacker to discover available files and directories present on the web server.

Affected Versions

Discovered in: 15.2.1

Fixed Versions

Fixed in: 15.2.2

Latest News

How to build a cyber security plan: A guide for SMEs

Cyber Essentials Decoded: Firewalls and User Access Control

Cyber Essentials Decoded: Malware Protection

See All News