Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-35247
HistoryJan 10, 2022 - 2:10 p.m.

CVE-2021-35247

2022-01-1014:10:17
CWE-20
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

Affected configurations

NVD
Node
solarwindsserv-uRange<15.3

Related

prion 1
nessus 1
cve 1
cisa_kev 1
cvelist 1
hivepro 1
threatpost 1
attackerkb 1
thn 1
cisa 1
mmpc 1
mssecure 1
qualysblog 1
prion
prion
Input validation
2022-01-10 14:10:00
nessus
nessus
Serv-U FTP Server < 15.3 Improper Input Validation
2022-01-20 00:00:00
cve
cve
CVE-2021-35247
2022-01-10 14:10:17
cisa_kev
cisa_kev
SolarWinds Serv-U Improper Input Validation Vulnerability
2022-01-21 00:00:00
cvelist
cvelist
CVE-2021-35247 Improper Input Validation Vulnerability in Serv-U
2022-01-05 00:00:00
hivepro
hivepro
SolarWinds Serv-U vulnerability exploited to deliver Log4j attack
2022-01-24 11:05:50
threatpost
threatpost
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
2022-01-20 18:39:21
attackerkb
attackerkb
CVE-2021-35247
2022-01-05 00:00:00
thn
thn
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
2022-01-20 04:57:00
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-01-21 00:00:00
mmpc
mmpc
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
mssecure
mssecure
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON
Related for NVD:CVE-2021-35247
prion1nessus1cve1cisa_kev1cvelist1hivepro1threatpost1attackerkb1thn1cisa1mmpc1mssecure1qualysblog1