CVE-2022-38106

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-38106
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 Third Party Advisory
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm Release Notes Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 Vendor Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 Third Party Advisory
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm Release Notes Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:solarwinds:serv-u:15.3.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:serv-u:15.3.1:*:*:*:*:*:*:*
History

21 Nov 2024, 07:15

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad ocurre en las versiones del cliente web 15.3.0 a Serv-U 15.3.1. Esta vulnerabilidad afecta la función de creación de directorios.
References () https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 - Third Party Advisory () https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 - Third Party Advisory
References () https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm - Release Notes, Vendor Advisory () https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm - Release Notes, Vendor Advisory
References () https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 - Vendor Advisory () https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 - Vendor Advisory

21 Dec 2022, 17:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4
CWE CWE-79
CPE cpe:2.3:a:solarwinds:serv-u:15.3.1:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:serv-u:15.3.0:*:*:*:*:*:*:*
References (MISC) https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 - (MISC) https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2022-38106 - Third Party Advisory
References (MISC) https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm - (MISC) https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm - Release Notes, Vendor Advisory
References (MISC) https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 - (MISC) https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38106 - Vendor Advisory

16 Dec 2022, 17:11

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-16 16:15

Updated : 2024-11-21 07:15

NVD link : CVE-2022-38106

Mitre link : CVE-2022-38106

CVE.ORG link : CVE-2022-38106

JSON object : View

Products Affected

solarwinds

  • serv-u
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')