CVE-2018-19934

low-risk
Published 2019-03-21

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter.

Do I need to act?

~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Solarwinds

References (6)

Exploit http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cros...
Mailing List http://seclists.org/fulldisclosure/2019/Feb/5
Third Party Advisory https://www.themissinglink.com.au/security-advisories-cve-2018-19934
Exploit http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cros...
Mailing List http://seclists.org/fulldisclosure/2019/Feb/5
Third Party Advisory https://www.themissinglink.com.au/security-advisories-cve-2018-19934
28
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 4/34 · Minimal
Exposure 5/34 · Minimal