SolarWinds Serv-U Exposure of Sensitive Information Vulnerability 

(CVE-2023-23841)

Download PDF

Summary

SolarWinds Serv-U submits an HTTP request when changing or updating the File Share or File request attributes. When this occurs, part of the URL of the request discloses sensitive data.

Affected Products

  • Serv-U 15.3.2 and earlier

Fixed Software Release

Advisory Details

Severity

4.8 Medium

Advisory ID

CVE-2023-23841

First Published

05/17/2023

Last Published

05/17/2023

Fixed Version

Serv-U 15.4

CVSS Score

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N