Directory Transversal Vulnerability in Serv-U 15.3
CVE-2021-35250

7.5HIGH

Key Information:

Vendor: Solarwinds
Status: Serv-u
Vendor: CVE Published:; 25 April 2022

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

Affected Version(s)

Serv-U 15.3 only < 15.3 Hotfix 1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

SolarWinds-CVE-2021-35250
Created by rissor41

References

https://support.solarwinds.com/SuccessCenter/s/article/Se...

x_refsource_MISC

https://www.solarwinds.com/trust-center/security-advisori...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Apr 13, 2023
👾
Exploit known to exist
Apr 13, 2023
Vulnerability published
Apr 25, 2022
Vulnerability Reserved
Jun 22, 2021