First published: Wed Mar 18 2020(Updated: )
SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Serv-U Managed File Transfer | <=15.1.5 | |
SolarWinds Serv-U Managed File Transfer | =15.1.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12769 is a vulnerability in SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 that is vulnerable to Cross-Site Request Forgery in the file upload functionality.
CVE-2019-12769 has a severity keyword level of high with a severity value of 8.8.
Versions up to and including 15.1.5 and version 15.1.6 of SolarWinds Serv-U Managed File Transfer are affected by CVE-2019-12769.
References for CVE-2019-12769 can be found at the provided links: https://medium.com/@clod81/cve-2019-12769-solarwinds-serv-u-managed-file-transfer-mft-web-client-15-1-6-a2dab98d668d and https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-6-HotFix-2.
To address CVE-2019-12769, it is recommended to apply the necessary security updates, such as Hotfix 2 for version 15.1.6 of SolarWinds Serv-U Managed File Transfer.