CVE-2021-35245

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:serv-u:15.2.4:hotfix1:*:*:*:*:*:*
cpe:2.3:a:solarwinds:serv-u:15.2.5:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

07 Dec 2021, 14:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 6.8
CWE CWE-269
CPE cpe:2.3:a:solarwinds:serv-u:15.2.5:-:*:*:*:*:*:*
cpe:2.3:a:solarwinds:serv-u:15.2.4:hotfix1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
References (MISC) https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-5_release_notes.htm - (MISC) https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-5_release_notes.htm - Release Notes, Vendor Advisory
References (MISC) https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35245 - (MISC) https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35245 - Vendor Advisory

06 Dec 2021, 17:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-06 17:15

Updated : 2021-12-07 14:34


NVD link : CVE-2021-35245

Mitre link : CVE-2021-35245


JSON object : View

Products Affected

solarwinds

  • serv-u

microsoft

  • windows
CWE
CWE-269

Improper Privilege Management