Serv-u@* Security Vulnerabilities and Issues — Serv-u@* CVE List

Lucene search

SolarwindsServ-u*

3 matches found

CVE•added 2022/01/10 2:10 p.m.•1007 views

CVE-2021-35247

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper charact...

5.3CVSS6.6AI score0.04983EPSS

CVE•added 2022/12/16 4:15 p.m.•93 views

CVE-2021-35252

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

7.5CVSS7.5AI score0.0015EPSS

CVE•added 2022/05/17 8:15 p.m.•66 views

CVE-2021-35249

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthori...

4.3CVSS4.5AI score0.00055EPSS