CVE-2021-35223

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
Configurations

Configuration 1

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

History

10 Sep 2021, 12:15

Type | Values Removed | Values Added
Summary | The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of ‘user string variables,” allowing remote code execution. | The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

08 Sep 2021, 15:53

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : 6.5; v3 : 8.8
CPE | | cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
CWE | | NVD-CWE-noinfo
References | (MISC) https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US | (MISC) https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US - Vendor Advisory
References | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223 | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223 - Vendor Advisory
References | (MISC) https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm | (MISC) https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm - Release Notes, Vendor Advisory

31 Aug 2021, 16:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2021-08-31 16:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-35223

Mitre link : CVE-2021-35223

CVE.ORG link : CVE-2021-35223



Products Affected

solarwinds

  • serv-u

CWE

  • NVD-CWE-noinfo
  • CWE-20: Improper Input Validation