https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35247

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35247

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35247

NIST NVD-CWE-noinfo

NIST CWE-20

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247

OR
     *cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* versions up to (including) 15.2.5

OR
     *cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* versions up to (excluding) 15.3

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm No Types Assigned

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm Release Notes, Vendor Advisory

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3_release_notes.htm [No Types Assigned]

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST (AV:N/AC:L/Au:N/C:N/I:P/A:N)

NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247 Broken Link

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247 Broken Link, Vendor Advisory

Serv-U web login screen was allowing characters that were not sanitized by the authentication mechanism. SolarWinds has updated the authentication mechanism to remedy this issue and prevent unauthorized parameters to be used in the Serv-U login screen With the Log4j issue in the wild, input fields across the internet have been tested for vulnerability. Although Serv-U was not affected by the log4j issue, It was discovered that better input validation could be implemented.

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)

NIST CWE-20

OR
     *cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* versions up to (including) 15.2.5

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247 No Types Assigned

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247 Broken Link