Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSolarWindsCVELIST:CVE-2021-35247
HistoryJan 07, 2022 - 10:39 p.m.

CVE-2021-35247 Improper Input Validation Vulnerability in Serv-U

2022-01-0722:39:50
CWE-20
SolarWinds
www.cve.org
4
cve-2021-35247
serv-u
input validation
ldap
solarwinds
update mechanism
sanitization
downstream affect
environment
scheduling

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

CNA Affected

[
  {
    "product": "Serv-U",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "15.3",
        "status": "affected",
        "version": "15.2.5 and previous versions",
        "versionType": "custom"
      }
    ]
  }
]

Related

cve 1
nvd 1
prion 1
nessus 1
cisa_kev 1
attackerkb 1
threatpost 1
hivepro 1
thn 1
cisa 1
mmpc 1
mssecure 1
qualysblog 1
cve
cve
CVE-2021-35247
2022-01-10 14:10:17
nvd
nvd
CVE-2021-35247
2022-01-10 14:10:17
prion
prion
Input validation
2022-01-10 14:10:00
nessus
nessus
Serv-U FTP Server < 15.3 Improper Input Validation
2022-01-20 00:00:00
cisa_kev
cisa_kev
SolarWinds Serv-U Improper Input Validation Vulnerability
2022-01-21 00:00:00
attackerkb
attackerkb
CVE-2021-35247
2022-01-05 00:00:00
threatpost
threatpost
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
2022-01-20 18:39:21
hivepro
hivepro
SolarWinds Serv-U vulnerability exploited to deliver Log4j attack
2022-01-24 11:05:50
thn
thn
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
2022-01-20 04:57:00
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-01-21 00:00:00
mmpc
mmpc
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
mssecure
mssecure
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON
Related for CVELIST:CVE-2021-35247
cve1nvd1prion1nessus1cisa_kev1attackerkb1threatpost1hivepro1thn1cisa1mmpc1mssecure1qualysblog1