Vulnerability Description
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Serv-U Managed File Transfer | <= 15.1.5 |
Related Weaknesses (CWE)
References
- https://medium.com/%40clod81/cve-2019-12769-solarwinds-serv-u-managed-file-trans
- https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-HotFix-2Release NotesVendor Advisory
- https://medium.com/%40clod81/cve-2019-12769-solarwinds-serv-u-managed-file-trans
- https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-HotFix-2Release NotesVendor Advisory
FAQ
What is CVE-2019-12769?
CVE-2019-12769 is a vulnerability with a CVSS score of 8.8 (HIGH). SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File p...
How severe is CVE-2019-12769?
CVE-2019-12769 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12769?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Serv-U Managed File Transfer.