Skip to main content

Serv U CVE-2018-10241

MEDIUM
NULL Pointer Dereference (CWE-476)
2018-05-16 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 16, 2018 - 14:29 nvd
MEDIUM 6.5

DescriptionNVD

A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.

AnalysisAI

A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 HFv1 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring. Affected products include: Solarwinds Serv-U. Version information: before 15.1.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

More in Serv U

View all
CVE-2026-28318 HIGH POC
7.5 Jun 04

Remote denial-of-service in SolarWinds Serv-U allows unauthenticated attackers to crash the Serv-U service by sending sp

CVE-2021-35211 CRITICAL POC
10.0 Jul 14

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Mem

CVE-2024-28995 HIGH POC
7.5 Jun 06

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive fil

CVE-2021-25276 HIGH POC
7.1 Feb 03

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' pas

CVE-2021-32604 MEDIUM POC
5.4 May 11

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Sha

CVE-2025-40540 CRITICAL
9.1 Feb 24

Second type confusion vulnerability in SolarWinds Serv-U. Different attack vector from CVE-2025-40539 but same impact —

CVE-2025-40539 CRITICAL
9.1 Feb 24

Type confusion vulnerability in SolarWinds Serv-U enables arbitrary code execution. Second critical Serv-U vulnerability

CVE-2025-40538 CRITICAL
9.1 Feb 24

Broken access control in SolarWinds Serv-U allows unauthorized user creation by exploiting privilege assignment flaws. F

CVE-2025-40541 CRITICAL
9.1 Feb 24

IDOR vulnerability in SolarWinds Serv-U allows accessing objects belonging to other users. Fourth critical Serv-U vulner

CVE-2024-45711 HIGH
8.8 Oct 16

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending

CVE-2021-35242 HIGH
8.8 Dec 06

Serv-U server responds with valid CSRFToken when the request contains only Session. Rated high severity (CVSS 8.8), this

CVE-2021-35223 HIGH
8.8 Aug 31

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. Rated high se

Share

CVE-2018-10241 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy