CVE-2021-35247

Serv-U web login screen was allowing characters that were not sanitized by the authentication mechanism. SolarWinds has updated the authentication mechanism to remedy this issue and prevent unauthorized parameters to be used in the Serv-U login screen With the Log4j issue in the wild, input fields across the internet have been tested for vulnerability. Although Serv-U was not affected by the log4j issue, It was discovered that better input validation could be implemented.
Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

History

14 Jan 2022, 01:40

Type Values Removed Values Added
CWE CWE-20
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
References (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247 - (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247 - Broken Link
CPE cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
First Time Solarwinds
Solarwinds serv-u

10 Jan 2022, 14:14

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-10 14:10

Updated : 2022-01-14 01:40


NVD link : CVE-2021-35247

Mitre link : CVE-2021-35247


JSON object : View

Products Affected

solarwinds

  • serv-u
CWE
CWE-20

Improper Input Validation