CVE-2021-25276

Name of the Vulnerable Software and Affected Versions: SolarWinds Serv-U versions prior to 15.2.2 Hotfix 1

Description: The issue concerns a directory containing user profile files, including password hashes, which is world readable and writable. An unprivileged Windows user with access to the server's filesystem can exploit this by copying a valid profile file to the directory, potentially gaining access to read or replace arbitrary files with LocalSystem privileges.

Recommendations: For versions prior to 15.2.2 Hotfix 1, update to version 15.2.2 Hotfix 1 to resolve the issue. As a temporary workaround, consider restricting access to the directory containing user profile files to prevent unauthorized modifications.