SolarWinds was recently notified by Microsoft of a security vulnerability (CVE-2021-35211) related to Serv-U Managed File Transfer Server and Serv-U Secured FTP. The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions.  A hotfix to resolve this vulnerability has been published,.

A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system. Organizations are strongly encouraged to check the Platform and Product(s) version used in their environment and apply relevant patches as soon as possible.