← Volver a CVEs

CVE-2021-35247

MEDIUMCISA KEV

4.3

Descripcion

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

Detalles CVE

Puntuacion CVSS v3.14.3

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado1/10/2022

Ultima modificacion10/27/2025

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorSolarWinds

ProductoServ-U

Nombre vulnerabilidadSolarWinds Serv-U Improper Input Validation Vulnerability

Fecha inclusion KEV2022-01-21

Fecha limite remediacion2022-02-04

Uso en ransomwareUnknown

Productos afectados

solarwinds:serv-u

Debilidades (CWE)

CWE-20

Referencias

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm(psirt@solarwinds.com)

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247(psirt@solarwinds.com)

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm(af854a3a-2127-422b-91ae-364da2661108)

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35247(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.