CVE-2023-23841 - Vulnerability Details - OpenCVE

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00075.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Solarwinds	Serv-u

Configuration 1 [-]

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841

History

Wed, 25 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description	SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data.	SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.  Part of the URL of the request discloses sensitive data.
Title	SolarWinds Serv-U Exposure of Sensitive Information Vulnerability	SolarWinds Serv-U Exposure of Sensitive Information Vulnerability

Thu, 12 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2023-06-15T00:00:00.000Z

Updated: 2024-12-12T21:02:58.158Z

Reserved: 2023-01-18T00:00:00.000Z

Link: CVE-2023-23841

Vulnrichment

Updated: 2024-08-02T10:42:26.763Z

NVD

Status : Modified

Published: 2023-06-15T22:15:09.227

Modified: 2026-02-25T17:18:56.540

Link: CVE-2023-23841

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-23841", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "dateUpdated": "2024-12-12T21:02:58.158Z", "dateReserved": "2023-01-18T00:00:00.000Z", "datePublished": "2023-06-15T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ServU", "vendor": "SolarWinds", "versions": [{"lessThanOrEqual": "15.3.2", "status": "affected", "version": "previous versions", "versionType": "15.4"}]}], "datePublic": "2023-05-16T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SolarWinds Serv-U is submitting an HTTP request when changing or updating </span><span style=\"background-color: rgb(255, 255, 255);\">the attributes</span><span style=\"background-color: rgb(255, 255, 255);\"> for File Share or File request.\u202f Part of the URL of the request discloses sensitive data.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>"}], "value": "SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.\u202f Part of the URL of the request discloses sensitive data."}], "impacts": [{"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:20:31.933Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841"}, {"tags": ["release-notes"], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SolarWinds recommends customers upgrade to SolarWinds Serv-U version 15.4 as soon as it becomes available. The expected release date is May 17, 2023."}], "value": "SolarWinds recommends customers upgrade to SolarWinds Serv-U version 15.4 as soon as it becomes available. The expected release date is May 17, 2023."}], "source": {"discovery": "EXTERNAL"}, "title": "SolarWinds Serv-U Exposure of Sensitive Information Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:26.763Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841"}, {"tags": ["release-notes", "x_transferred"], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-12T21:02:22.696382Z", "id": "CVE-2023-23841", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T21:02:58.158Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm", "tags": ["release-notes", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:42:26.763Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-23841", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-12T21:02:22.696382Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T21:02:53.978Z"}}], "cna": {"title": "SolarWinds Serv-U Exposure of Sensitive Information Vulnerability", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SolarWinds", "product": "ServU", "versions": [{"status": "affected", "version": "previous versions", "versionType": "15.4", "lessThanOrEqual": "15.3.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SolarWinds recommends customers upgrade to SolarWinds Serv-U version 15.4 as soon as it becomes available. The expected release date is May 17, 2023.", "supportingMedia": [{"type": "text/html", "value": "SolarWinds recommends customers upgrade to SolarWinds Serv-U version 15.4 as soon as it becomes available. The expected release date is May 17, 2023.", "base64": false}]}], "datePublic": "2023-05-16T17:00:00.000Z", "references": [{"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841", "tags": ["vendor-advisory"]}, {"url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.\u202f Part of the URL of the request discloses sensitive data.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SolarWinds Serv-U is submitting an HTTP request when changing or updating </span><span style=\"background-color: rgb(255, 255, 255);\">the attributes</span><span style=\"background-color: rgb(255, 255, 255);\"> for File Share or File request.\u202f Part of the URL of the request discloses sensitive data.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:20:31.933Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23841", "state": "PUBLISHED", "dateUpdated": "2024-12-12T21:02:58.158Z", "dateReserved": "2023-01-18T00:00:00.000Z", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "datePublished": "2023-06-15T00:00:00.000Z", "assignerShortName": "SolarWinds"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "61C98D46-08C2-430A-B3DC-E01F6E3F75BA", "versionEndExcluding": "15.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.\u202f Part of the URL of the request discloses sensitive data."}, {"lang": "es", "value": "SolarWinds Serv-U est\u00e1 enviando una solicitud HTTP al cambiar o actualizar los atributos de \"File Share\" o \"File Request?\". Parte de la URL de la solicitud revela datos confidenciales. "}], "id": "CVE-2023-23841", "lastModified": "2026-02-25T17:18:56.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@solarwinds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-15T22:15:09.227", "references": [{"source": "psirt@solarwinds.com", "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm"}, {"source": "psirt@solarwinds.com", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/serv-u_15-4_release_notes.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23841"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "psirt@solarwinds.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}