Vulnerabilities for Sftp/scp server (...) - CXSECURITY.COM

Vulnerabilities for 'Sftp/scp server'

2018-12-05

CVE-2018-16792

CWE-611

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

CVE-2018-16791

CWE-522

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.

>>> Vendor: Solarwinds 46 Products

Orion network performance monitor

Ip address manager web interface

Network configuration manager

Log and event manager

Server and application monitor

Orion ip address manager

Orion netflow traffic analyzer

Orion network configuration manager

Orion server and application manager

Orion user device tracker

Orion voip & network quality manager

Orion web performance monitor

Firewall security manager

Storage manager

N-able n-central

Storage resource monitor

Virtualization manager

Log & event manager

Network performance monitor

Sftp/scp server

Serv-u ftp server

Damewire mini remote control

Database performance analyzer

Dameware mini remote control firmware

Dameware remote support

Serv-u managed file transfer

Managed service provider patch management engine

Advanced monitoring agent

Orion virtual infrastructure monitor

Serv-u file server

Dameware mini remote control

Kiwi syslog server

Access rights manager

Copyright 2024, cxsecurity.com