Products
UNKNOWN
Source
psirt@solarwinds.com
Tags
CVE-2024-28072 details
Published : May 3, 2024, 8:15 a.m.
Last Modified : May 3, 2024, 12:48 p.m.
Last Modified : May 3, 2024, 12:48 p.m.
Description
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly.
CVSS Score
1 | 2 | 3 | 4 | 5.7 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
5.7
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
References
URL | Source |
---|---|
https://solarwindscore.my.site.com/SuccessCenter/s/article/Serv-U-15-4-2-Hotfix-1-Release-Notes?language=en_US | psirt@solarwinds.com |
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28072 | psirt@solarwinds.com |
This website uses the NVD API, but is not approved or certified by it.