June 27, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
GuLoader Malspam Campaign – Active IOCs
April 19, 2024
Multiple Oracle Complex, Maintenance, Repair, and Overhaul Vulnerabilities
April 20, 2024
GuLoader Malspam Campaign – Active IOCs
April 19, 2024
Multiple Oracle Complex, Maintenance, Repair, and Overhaul Vulnerabilities
April 20, 2024
Severity
High
Analysis Summary
CVE-2024-28073
SolarWinds Serv-U could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing "dot dot" sequences to execute arbitrary code on the system.
Impact
- Information Obtained
Indicators of Compromise
CVE
- CVE-2024-28073
Affected Vendors
SolarWinds
Affected Products
- SolarWinds Serv-U 15.4.1.128
Remediation
Refer to SolarWinds Website for patch, upgrade, or suggested workaround information.