What is CVE-2023-40053?

CVE-2023-40053 is a medium-severity vulnerability in Solarwinds Serv-u, classified under Improper Input Validation. CVSS score: 5.0/10. Published 2023-12-06.

How severe is CVE-2023-40053?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Improper input validation in Solarwinds Serv-u

CVE-2023-40053

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (17.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N.

Affected products

Solarwinds Serv-u — versions 15.4 and previous versions

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

www.solarwinds.com/trust-center/security-advisories/CVE-2023-40053
documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv…

Frequently asked questions

What is CVE-2023-40053?: CVE-2023-40053 is a medium-severity vulnerability in Solarwinds Serv-u, classified under Improper Input Validation. CVSS score: 5.0/10. Published 2023-12-06.
How severe is CVE-2023-40053?: Medium severity. CVSS v3 base score is 5.0 out of 10.