
New Serv-U bugs extend SolarWinds’ run of high-severity disclosures
SolarWinds continues to be besieged by security issues, this time in its Serv-U managed file transfer server. The software company has released four patches for critical Serv-U remote code execution (RCE) vulnerabilities that could allow attackers to gain root (administrator) access to unpatched servers. These four common vulnerabilities and exposures (CVEs) are rated “critical,” the highest severity score.

These should be treated as “high-urgency patch events,” said Ensar Seker, CISO at SOCRadar. “When you are talking about pre-authentication RCE with potential root-level access, you are effectively talking about full system compromise.”

Flaws let attackers execute arbitrary code

Serv-U is ...