Lucene search
+L

7 matches found

hivepro
hivepro
added 2022/01/24 11:5 a.m.66 views

SolarWinds Serv-U vulnerability exploited to deliver Log4j attack

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. SolarWinds is affected by a vulnerability CVE-2021-35247 due to improper input validation when processing LDAP queries in the Serv-U web login screen. Serv-U versions up to 15.2.5 are affected by this flaw and were fixed in...

9.3CVSS0.2AI score0.99999EPSS
Exploits354
ThreatPost
ThreatPost
added 2022/01/20 6:39 p.m.237 views

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug

Attackers are trying to log in to SolarWinds Serv-U file-sharing software via attacks exploiting the Log4j flaws. This is a confusing story: Initially, Microsoft had warned on Wednesday that attackers were exploiting a previously undisclosed vulnerability in the SolarWinds Serv-U file-sharing...

10CVSS9.5AI score0.99999EPSS
Exploits354References12
Circl
Circl
added 2022/01/20 6:0 a.m.18 views

CVE-2021-35247

creationtimestamp| type| source ---|---|--- 2022-01-20 06:00:50+00:00| exploited| https://t.me/thehackernews/1808 2022-01-20 14:25:36+00:00| seen| https://t.me/truesecator/2540 2022-01-24 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=727 2023-06-14 21:10:04+00:00| seen|...

5.3CVSS6.9AI score0.03359EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2022/01/20 4:57 a.m.428 views

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 CVSS score: 5.3, the issue is an "input...

10CVSS0.4AI score0.99999EPSS
Exploits356
OSV
OSV
added 2022/01/10 2:10 p.m.4 views

CVE-2021-35247

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper...

5.3CVSS7AI score0.03359EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/01/07 10:39 p.m.38 views

CVE-2021-35247 Improper Input Validation Vulnerability in Serv-U

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper...

4.3CVSS6.9AI score0.03359EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/01/07 10:39 p.m.11 views

CVE-2021-35247 Improper Input Validation Vulnerability in Serv-U

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper...

4.3CVSS6.6AI score0.03359EPSS
Exploits0References2
Rows per page
Query Builder