VYPR

Serv U

by Rhinosoft

CVEs (24)

  • CVE-2021-35252, Dec 16, 2022
    risk 0.00 | cvss | epss 0.01

    A common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this, an encrypted value that is exposed to an attacker can simply be recovered to plaintext.

  • CVE-2021-35249, May 17, 2022
    risk 0.00 | cvss | epss 0.01

    This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a…

  • CVE-2021-35245, Dec 6, 2021
    risk 0.00 | cvss | epss 0.01

    When a user has admin rights in Serv-U Console, the user can move, create and delete any files that are able to be accessed on the Serv-U host machine.

  • CVE-2001-1463, Nov 19, 2001
    risk 0.00 | cvss | epss 0.03

    The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
