CVE-2021-35247

moderate-risk
Published 2022-01-10

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

Do I need to act?

~
5.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Solarwinds

References (5)

Release Notes https://documentation.solarwinds.com/en/success_center/servu/content/release_not...
Broken Link https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
Release Notes https://documentation.solarwinds.com/en/success_center/servu/content/release_not...
Broken Link https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...
38
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal