CVE-2023-35179: 2FA/MFA Bypass Vulnerability in Serv-U 15.4
First published: Thu Aug 10 2023(Updated: )
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action.
Credit: psirt@solarwinds.com psirt@solarwinds.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Serv-U | =15.4.0 |
Remedy
All SolarWinds Serv-U customers are advised to upgrade to the latest version of the SolarWinds Serv-U version 15.4 Hotfix 1
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-35179?
CVE-2023-35179 is a vulnerability identified within Serv-U 15.4 that allows an actor to bypass multi-factor/two-factor authentication.
What is the severity of CVE-2023-35179?
CVE-2023-35179 has a severity level of 7.2 (high).
How does CVE-2023-35179 work?
CVE-2023-35179 allows an actor with administrator-level access to Serv-U 15.4 to bypass multi-factor/two-factor authentication.
Which software version is affected by CVE-2023-35179?
Serv-U 15.4.0 is affected by CVE-2023-35179.
How can I fix CVE-2023-35179?
To mitigate CVE-2023-35179, apply the Serv-U 15.4 Hotfix 1 from SolarWinds.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/solarwinds
- canonical/solarwinds serv-u
- version/solarwinds serv-u/15.4.0