Broken Access Control Vulnerability for SolarWinds Serv-U
CVE-2021-35245

8.4HIGH

Key Information:

Vendor

Solarwinds
Status
Serv-u Ftp
Vendor
CVE Published:
2 December 2021

What is CVE-2021-35245?

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.

Affected Version(s)

Serv-U FTP Windows 15.2.4 Hotfix 1 and previous versions < 15.2.5

References

https://www.solarwinds.com/trust-center/security-advisori...
x_refsource_MISC
https://documentation.solarwinds.com/en/success_center/se...
x_refsource_MISC

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.