Title: Path traversal in Serv-U File Server by SolarWinds
Discovery: Jack Misiura on behalf of The Missing Link Security
SolarWinds Serv-U FTP server through 15.2.1 does not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.
Successful exploitation of this issue may allow an attacker to discover available files and directories present on the web server.
Discovered in: 15.2.1
Fixed in: 15.2.2
SolarWinds would like to thank Jack Misiura for reporting this vulnerability.