Lucene search

5 matches found

CVE
added 2022/01/10 2:10 p.m. | 1006 views

CVE-2021-35247

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please note: No downstream effect has been detected as the LDAP servers ignored improper charact...

CVSS 5.3 | AI score 6.6 | EPSS 0.04983

CVE
added 2022/12/16 4:15 p.m. | 93 views

CVE-2021-35252

A common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this, an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

CVSS 7.5 | AI score 7.5 | EPSS 0.0015

CVE
added 2022/04/25 8:15 p.m. | 90 views

CVE-2021-35250

A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

CVSS 7.5 | AI score 7.4 | EPSS 0.9164

CVE
added 2022/05/17 8:15 p.m. | 66 views

CVE-2021-35249

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthori...

CVSS 4.3 | AI score 4.5 | EPSS 0.00055

CVE
added 2022/12/16 4:15 p.m. | 47 views

CVE-2022-38106

This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.

CVSS 5.4 | AI score 5.4 | EPSS 0.00912