Vulnerability Details CVE-2021-35242
Serv-U server responds with valid CSRFToken when the request contains only Session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.4%
CVSS Severity
CVSS v3 Score 8.3
CVSS v2 Score 6.8
References
- https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-5_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242
- https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-5_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242
Products affected by CVE-2021-35242
-
cpe:2.3:a:solarwinds:serv-u:15.1
-
cpe:2.3:a:solarwinds:serv-u:15.1.1
-
cpe:2.3:a:solarwinds:serv-u:15.1.2
-
cpe:2.3:a:solarwinds:serv-u:15.1.3
-
cpe:2.3:a:solarwinds:serv-u:15.1.4
-
cpe:2.3:a:solarwinds:serv-u:15.1.5
-
cpe:2.3:a:solarwinds:serv-u:15.1.6
-
cpe:2.3:a:solarwinds:serv-u:15.1.7
-
cpe:2.3:a:solarwinds:serv-u:15.2.1
-
cpe:2.3:a:solarwinds:serv-u:15.2.2
-
cpe:2.3:a:solarwinds:serv-u:15.2.3
-
cpe:2.3:a:solarwinds:serv-u:15.2.4