Broken Access Control Vulnerability for SolarWinds Serv-U
CVE-2021-35245

8.4HIGH

Key Information:

Vendor: Solarwinds
Status: Serv-u Ftp
Vendor: CVE Published:; 2 December 2021

Summary

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.

Affected Version(s)

Serv-U FTP Windows 15.2.4 Hotfix 1 and previous versions < 15.2.5

References

https://www.solarwinds.com/trust-center/security-advisori...

x_refsource_MISC

https://documentation.solarwinds.com/en/success_center/se...

x_refsource_MISC

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 2, 2021
Vulnerability Reserved
Jun 22, 2021

.