CVE-2021-35247 - Unspecified vulnerability in SolarWinds Serv-U
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE
Summary
The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please note: no downstream effect has been detected, as the LDAP servers ignored improper characters. To ensure proper input validation is completed in all environments, SolarWinds recommends scheduling an update to the latest version of Serv-U.
Vulnerable Configurations
Related news
- Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks (source)
- New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks (source)
- CISA adds 17 vulnerabilities to list of bugs exploited in attacks (source)
- Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks (source)
References
- https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247