The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
References
Configurations
History
21 Nov 2024, 06:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm - Release Notes, Vendor Advisory | |
References | () https://support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223?language=en_US - Vendor Advisory | |
References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35223 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.5 |
Information
Published : 2021-08-31 16:15
Updated : 2024-11-21 06:12
NVD link : CVE-2021-35223
Mitre link : CVE-2021-35223
CVE.ORG link : CVE-2021-35223
JSON object : View
Products Affected
solarwinds
- serv-u
CWE