Vulnerability Description
The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please note: no downstream effect has been detected, as the LDAP servers ignored improper characters. To ensure proper input validation is completed in all environments, SolarWinds recommends scheduling an update to the latest version of Serv-U.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SolarWinds | Serv-U | < 15.3 |
References
- https://documentation.solarwinds.com/en/success_center/servu/content/release_not (Release Notes, Vendor Advisory)
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247 (Broken Link, Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021- (US Government Resource)
FAQ
What is CVE-2021-35247?
CVE-2021-35247 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitizatio...
How severe is CVE-2021-35247?
CVE-2021-35247 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35247?
Check the references section above for vendor advisories and patch information. Affected products include: SolarWinds Serv-U.