CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35249

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.4%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

Products affected by CVE-2021-35249

Solarwinds » Serv-U » Version: 15.1

cpe:2.3:a:solarwinds:serv-u:15.1
Solarwinds » Serv-U » Version: 15.1.1

cpe:2.3:a:solarwinds:serv-u:15.1.1
Solarwinds » Serv-U » Version: 15.1.2

cpe:2.3:a:solarwinds:serv-u:15.1.2
Solarwinds » Serv-U » Version: 15.1.3

cpe:2.3:a:solarwinds:serv-u:15.1.3
Solarwinds » Serv-U » Version: 15.1.4

cpe:2.3:a:solarwinds:serv-u:15.1.4
Solarwinds » Serv-U » Version: 15.1.5

cpe:2.3:a:solarwinds:serv-u:15.1.5
Solarwinds » Serv-U » Version: 15.1.6

cpe:2.3:a:solarwinds:serv-u:15.1.6
Solarwinds » Serv-U » Version: 15.1.7

cpe:2.3:a:solarwinds:serv-u:15.1.7
Solarwinds » Serv-U » Version: 15.2.1

cpe:2.3:a:solarwinds:serv-u:15.2.1
Solarwinds » Serv-U » Version: 15.2.2

cpe:2.3:a:solarwinds:serv-u:15.2.2
Solarwinds » Serv-U » Version: 15.2.3

cpe:2.3:a:solarwinds:serv-u:15.2.3
Solarwinds » Serv-U » Version: 15.2.4

cpe:2.3:a:solarwinds:serv-u:15.2.4
Solarwinds » Serv-U » Version: 15.2.5

cpe:2.3:a:solarwinds:serv-u:15.2.5
Solarwinds » Serv-U » Version: 15.3

cpe:2.3:a:solarwinds:serv-u:15.3
Solarwinds » Serv-U » Version: 15.3.0

cpe:2.3:a:solarwinds:serv-u:15.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35249

Products

Pricing

Contact Us