Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 7, 2024

CVE-2024-28995

High
EPSS 94.4%CISA KEV
SolarWinds/Serv-U

Description

SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.

EPSS — Exploit Probability

94.4%

Higher than 100.0% of all CVEs

Required Action

https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995; https://nvd.nist.gov/vuln/detail/CVE-2024-28995

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
94.4%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Jul 17, 2024

Added to KEV

Jul 17, 2024

Remediation Due

Aug 7, 2024

Affected Product

SolarWinds

Serv-U

View all SolarWinds CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE