5.3

CVE-2021-35247

Warnung

Improper Input Validation Vulnerability in Serv-U

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SolarwindsServ-u Version < 15.3

21.01.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

SolarWinds Serv-U Improper Input Validation Vulnerability

Schwachstelle

SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.36% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@solarwinds.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm
Vendor Advisory
Release Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
Vendor Advisory
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35247
US Government Resource