Unauthorized Password Retrieval Vulnerability in SolarWinds Serv-U
CVE-2021-3154

7.5HIGH

Key Information:

Vendor
Solarwinds
Status
Serv-u
Vendor
CVE Published:
4 May 2021

Summary

An issue exists in SolarWinds Serv-U versions prior to 15.2.2, where unauthenticated attackers can exploit macro injection techniques to retrieve cleartext passwords. This vulnerability highlights significant security risks if left unpatched, allowing unauthorized access to sensitive information.

References

https://documentation.solarwinds.com/en/success_center/se...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.