CVE-2021-35223

The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.

Configurations

Configuration 1

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:12

Type: References
Values Removed: https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm - Release Notes, Vendor Advisory
Values Added: https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm - Release Notes, Vendor Advisory

Type: References
Values Removed: https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US - Vendor Advisory
Values Added: https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US - Vendor Advisory

Type: References
Values Removed: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223 - Vendor Advisory
Values Added: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223 - Vendor Advisory

Type: CVSS
Values Removed: v2 : 6.5, v3 : 8.8
Values Added: v2 : 6.5, v3 : 8.5

Information

Published : 2021-08-31 16:15

Updated : 2024-11-21 06:12


NVD link : CVE-2021-35223

Mitre link : CVE-2021-35223

CVE.ORG link : CVE-2021-35223


Products Affected

solarwinds

  • serv-u

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo