← Back to CVEs

CVE-2021-35247

MEDIUMCISA KEV

4.3

Description

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

CVE Details

CVSS v3.1 Score4.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published1/10/2022

Last Modified10/27/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorSolarWinds

ProductServ-U

Vulnerability NameSolarWinds Serv-U Improper Input Validation Vulnerability

KEV Date Added2022-01-21

Remediation Due Date2022-02-04

Ransomware UseUnknown

Affected Products

solarwinds:serv-u

Weaknesses (CWE)

CWE-20

References

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm(psirt@solarwinds.com)

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247(psirt@solarwinds.com)

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm(af854a3a-2127-422b-91ae-364da2661108)

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35247(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.