Lucene search
SolarWindsCVELIST:CVE-2021-35245HistoryDec 06, 2021 - 4:52 p.m.
CVE-2021-35245 Broken Access Control Vulnerability for SolarWinds Serv-U
2021-12-0616:52:02
CWE-284
SolarWinds
www.cve.org
2
cve-2021-35245
solarwinds
serv-u
broken access control
vulnerability
CVSS3
8.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.001
Percentile
22.7%
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
CNA Affected
[
{
"platforms": [
"Windows"
],
"product": "Serv-U FTP",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "15.2.5",
"status": "affected",
"version": "15.2.4 Hotfix 1 and previous versions",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-35245
2021-12-06 17:15:07
cve
cve
CVE-2021-35245
2021-12-06 17:15:07
prion
prion
Code injection
2021-12-06 17:15:00
nessus
nessus
SolarWinds Serv-U 15.2.4 < 15.2.5 Multiple Vulnerabilities
2024-09-27 00:00:00
CVSS3
8.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
8.5
Confidence
High
EPSS
0.001
Percentile
22.7%
Related for CVELIST:CVE-2021-35245