CVE-2021-35247

MEDIUM KEV

SolarWinds Serv-U - Info Disclosure

Title source: llm

Description

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

References (3)

[Release Notes, Vendor Advisory] https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm

[Broken Link, Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35247

Scores

CVSS v3 4.3

EPSS 0.0534

EPSS Percentile 90.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CISA KEV 2022-01-21

VulnCheck KEV 2022-01-19

InTheWild.io 2022-01-20

ENISA EUVD EUVD-2021-21890

CWE

CWE-20

Status published

Products (1)

solarwinds/serv-u < 15.3

Published Jan 10, 2022

KEV Added Jan 21, 2022

Tracked Since Feb 18, 2026