KEVIntel
CVSS 4.3 Medium

CVE-2021-35247

PUBLISHED

Improper Input Validation Vulnerability in Serv-U

Exploited in the wild · Remote · Low complexity
Vendor: SolarWinds
Product: Serv-U
Published: Jan 07, 2022

Description

The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please note: no downstream effect has been detected, as the LDAP servers ignored improper characters. To ensure proper input validation is completed in all environments, SolarWinds recommends scheduling an update to the latest version of Serv-U.

windows cisa

CVSS scores

CVSS v3.1 4.3 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitation status

Exploited in the wild

Recorded 2022-01-21 00:00:00 UTC

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Jan 21, 2022

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel