CVE-2021-35250

HIGH EXPLOITED NUCLEI

Serv-U <15.3 - Path Traversal

Title source: llm

Description

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

Exploits (1)

nomisec WRITEUP 8 stars

by rissor41 · infoleak

https://github.com/rissor41/SolarWinds-CVE-2021-35250

View Code ZIP pw:eip

Nuclei Templates (1)

SolarWinds Serv-U 15.3 - Directory Traversal

HIGHby johnk3r,pdteam

Shodan: product:"Rhinosoft Serv-U httpd" || product:"rhinosoft serv-u httpd"

References (2)

[Vendor Advisory] https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-3-HotFix-1?language=en_US

[Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250

Scores

CVSS v3 7.5

EPSS 0.8953

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-24

CWE

CWE-22

Status published

Products (1)

solarwinds/serv-u 15.3

Published Apr 25, 2022

Tracked Since Feb 18, 2026