MFA/2FA Bypass Vulnerability in Serv-U 15.4 

(CVE-2023-35179)

Download PDF

Security Advisory Summary

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.

Affected Products

  • Serv-U 15.4

Fixed Software Release

Advisory Details

Severity

6.6 Medium

Advisory ID

CVE-2023-35179

First Published

08/04/2023

Last Published

08/04/2023

Fixed Version

Serv-U 15.4 HF1

CVSS Score

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H