Intrusion Prevention

SolarWinds.Serv-U.FTP.Server.USER_FULL_NAME.Stored.XSS

Description

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in SolarWinds Serv-U FTP Server.
The vulnerability is due to insufficient sanitizing of user supplied inputs when the vulnerable software handles a maliciously crafted HTTP request. A remote attacker may be able to exploit this to execute arbitrary script code within the context of the target user.

Affected Products

SolarWinds Serv-U FTP Server prior to 15.1.7 Hotfix 2

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-1-7-Hotfix-2

CVE References

CVE-2019-13182