CVE-2023-40060

Summary

A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4.  SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. 

Affected Software

VendorProductVersion RangeStatus
SolarWindsServ-U15.4 <= 15.4 Hotfix 1affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References