CVE-2021-35247

Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U versions prior to 15.3

Description The issue is related to improper input validation in the Serv-U web login screen, specifically with LDAP authentication, allowing characters that were not sufficiently sanitized. This could potentially allow a remote attacker to elevate their privileges. Although the LDAP servers ignored improper characters, and no downstream effect has been detected, the vulnerability still poses a risk. It has been reported that hackers have exploited this vulnerability, but no specific details about the number of affected devices or real-world incidents are provided.

Recommendations For versions prior to 15.3, update to the latest version of Serv-U to ensure proper input validation is completed in all environments. As a temporary workaround, consider restricting access to the Serv-U web login screen to minimize the risk of exploitation.