Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-35247
HistoryJan 10, 2022 - 2:10 p.m.

CVE-2021-35247

2022-01-1014:10:00
CWE-20
[email protected]
web.nvd.nist.gov
851
In Wild
serv-u
web login
ldap authentication
vulnerability
solarwinds
patch
nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.5%

JSON

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

Related

cisa_kev 1
prion 1
nessus 1
hivepro 1
threatpost 1
attackerkb 1
thn 1
cisa 1
mmpc 1
mssecure 1
qualysblog 1
cisa_kev
cisa_kev
SolarWinds Serv-U Improper Input Validation Vulnerability
2022-01-21 00:00:00
prion
prion
Input validation
2022-01-10 14:10:00
nessus
nessus
Serv-U FTP Server < 15.3 Improper Input Validation
2022-01-20 00:00:00
hivepro
hivepro
SolarWinds Serv-U vulnerability exploited to deliver Log4j attack
2022-01-24 11:05:50
threatpost
threatpost
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
2022-01-20 18:39:21
attackerkb
attackerkb
CVE-2021-35247
2022-01-05 00:00:00
thn
thn
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
2022-01-20 04:57:00
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-01-21 00:00:00
mmpc
mmpc
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
mssecure
mssecure
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
2021-12-12 05:29:03
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.5%

JSON
Related for CVE-2021-35247
cisa_kev1prion1nessus1hivepro1threatpost1attackerkb1thn1cisa1mmpc1mssecure1qualysblog1