{"id":12026,"date":"2024-07-18T00:41:38","date_gmt":"2024-07-18T00:41:38","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=12026"},"modified":"2024-07-18T00:41:38","modified_gmt":"2024-07-18T00:41:38","slug":"solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/","title":{"rendered":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)"},"content":{"rendered":"<p>What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive files on the host machine. CISA has added CVE-2024-28995 to its Known Exploited Vulnerabilities (KEV) catalog on July 17, 2024 and a publicly available proof-of-concept (PoC) exploit code is available.What is the recommended Mitigation?Apply the most recent upgrade or patch from the vendor. https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2024-28995 What FortiGuard Coverage is available?FortiGuard Labs has provided protection through the IPS signature &#8221; SolarWinds.Serv-U.InternalDir.Directory.Traversal&#8221; to detect and block any attack attempts targeting the vulnerability (CVE-2024-28995). \u00a0FortiGuard Endpoint Vulnerability Signature can help to detect vulnerable software instances (CVE-2024-28995). \u00a0The FortiGuard Incident Response team can be engaged to help with any suspected compromise.<a href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5495\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12026","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2024-07-18T00:41:38+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-07-18T00:41:38+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#blogposting\",\"name\":\"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \\u203a Sekuritas IT\",\"headline\":\"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"datePublished\":\"2024-07-18T00:41:38+00:00\",\"dateModified\":\"2024-07-18T00:41:38+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#listItem\",\"name\":\"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#listItem\",\"position\":3,\"name\":\"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/\",\"name\":\"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \\u203a Sekuritas IT\",\"description\":\"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/07\\\/18\\\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"datePublished\":\"2024-07-18T00:41:38+00:00\",\"dateModified\":\"2024-07-18T00:41:38+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \u203a Sekuritas IT","description":"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#blogposting","name":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \u203a Sekuritas IT","headline":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"datePublished":"2024-07-18T00:41:38+00:00","dateModified":"2024-07-18T00:41:38+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#listItem","name":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#listItem","position":3,"name":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/","name":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \u203a Sekuritas IT","description":"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"datePublished":"2024-07-18T00:41:38+00:00","dateModified":"2024-07-18T00:41:38+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \u203a Sekuritas IT","og:description":"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive","og:url":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/","article:published_time":"2024-07-18T00:41:38+00:00","article:modified_time":"2024-07-18T00:41:38+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995) \u203a Sekuritas IT","twitter:description":"What is the Vulnerability?A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive"},"aioseo_meta_data":{"post_id":"12026","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2024-07-18 00:57:29","updated":"2025-10-15 10:32:35","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tSolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)","link":"https:\/\/sekuritasit.com\/index.php\/2024\/07\/18\/solarwinds-serv-u-information-disclosure-vulnerability-cve-2024-28995\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/12026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=12026"}],"version-history":[{"count":1,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/12026\/revisions"}],"predecessor-version":[{"id":12027,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/12026\/revisions\/12027"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=12026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=12026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=12026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}