Solarwinds: >> Serv-U >> 15.2.3 Security Vulnerabilities
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
CVSS Score
8.4
EPSS Score
0.001
Published
2021-12-06
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
CVSS Score
8.5
EPSS Score
0.045
Published
2021-08-31
CVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
Known exploited
CVSS Score
9.0
EPSS Score
0.941
Published
2021-07-14
Page 2