The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
References
Configurations
History
10 Sep 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution. |
08 Sep 2021, 15:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
CPE | cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo | |
References | (MISC) https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US - Vendor Advisory | |
References | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223 - Vendor Advisory | |
References | (MISC) https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm - Release Notes, Vendor Advisory |
31 Aug 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-31 16:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-35223
Mitre link : CVE-2021-35223
CVE.ORG link : CVE-2021-35223
JSON object : View
Products Affected
solarwinds
- serv-u
CWE