CVE-2021-35247
published 2022-01-10


Priority: P2 (76), medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
KEV / ITW: CISA Known Exploited Vulnerability, remediation due 2022-02-04; exploited in the wild
EPSS: 3.36% (87.2 percentile)
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please note: no downstream effect has been detected, as the LDAP servers ignored the improper characters. To ensure proper input validation is completed in all environments, SolarWinds recommends scheduling an update to the latest version of Serv-U.

Affected (2 ranges)

Vendor      Product   Version range                             Fixed in
solarwinds  serv-u    < 15.3                                    15.3
solarwinds  serv-u    >= 15.2.5 and previous versions < 15.3    15.3

Detection & IOCs (extracted from sources)

  • Target application is the SolarWinds Serv-U web login screen; monitor for unsanitized or malformed characters submitted to the LDAP authentication input fields on the Serv-U web login endpoint.
  • Monitor for crafted LDAP queries originating from Serv-U (versions 15.2.5 and earlier) that contain unexpected or special characters, which indicate unsanitized query construction.
  • LDAP servers in tested environments silently ignored the improper characters, so exploitation attempts may produce no downstream error or anomaly on the LDAP server side; passive LDAP-side logging alone is insufficient for detection.
  • Affected versions are Serv-U 15.2.5 and earlier; make sure the asset inventory accurately reflects installed Serv-U versions so that detection and patching efforts are scoped correctly.
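The sanitization gap that the description and the detection notes above describe is LDAP filter-value escaping. The block below is an added example, not SolarWinds or Serv-U code and not a reproduction of the Serv-U bug: it shows a login filter built by naive concatenation next to the same filter with RFC 4515 escaping applied, and a small detector that flags login names carrying filter metacharacters, run over constructed log lines. The filter shape, the `login user=<name>` log format and the sample lines are assumptions made for the example; adapt the regex to the real Serv-U log format before use.

```python
# Added example (not SolarWinds/Serv-U code): RFC 4515 filter-value escaping
# beside the naive concatenation CVE-2021-35247 describes, plus a detector
# that flags login attempts whose user name carries LDAP filter metacharacters.
import re

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied string so it is treated literally inside an LDAP filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_vulnerable(username: str) -> str:
    """Naive concatenation: metacharacters in `username` change the filter's structure.

    The filter shape is an assumption for illustration, not Serv-U's actual query.
    """
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def build_login_filter_safe(username: str) -> str:
    """Same filter with the value escaped; the input can no longer add or close clauses."""
    return f"(&(objectClass=user)(sAMAccountName={escape_ldap_filter_value(username)}))"


# Detection side: none of these characters belong in a normal account name
# submitted to a web login form, so their presence is worth alerting on.
_SUSPICIOUS_LDAP_CHARS = re.compile(r"[\\*()\x00]")

# Assumed (constructed) log format: "<timestamp> <src ip> login user=<name> [result=<x>]".
_LOGIN_LINE = re.compile(r"login user=(?P<user>.*?)(?: result=\w+)?$")


def find_suspicious_logins(log_lines):
    """Return (line_number, username) for entries whose user name contains filter metacharacters."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = _LOGIN_LINE.search(line)
        if m and _SUSPICIOUS_LDAP_CHARS.search(m.group("user")):
            hits.append((n, m.group("user")))
    return hits


# Constructed sample log lines (not real Serv-U output).
SAMPLE_LOG = [
    "2022-01-10 08:00:01 203.0.113.5 login user=alice result=ok",
    "2022-01-10 08:00:07 203.0.113.5 login user=*)(uid=* result=fail",
    "2022-01-10 08:00:09 198.51.100.9 login user=bob result=fail",
    "2022-01-10 08:00:12 203.0.113.5 login user=admin)(|(cn=* result=fail",
]

if __name__ == "__main__":
    hostile = "*)(uid=*"
    print("vulnerable:", build_login_filter_vulnerable(hostile))
    print("safe:      ", build_login_filter_safe(hostile))
    for n, user in find_suspicious_logins(SAMPLE_LOG):
        print(f"line {n}: suspicious login name {user!r}")
```

With the hostile input the concatenated filter becomes `(&(objectClass=user)(sAMAccountName=*)(uid=*))`, a syntactically valid filter with an extra clause the application never intended, while the escaped form keeps the whole string inside the `sAMAccountName` value. As the advisory notes, a directory server may simply reject or ignore such input, which is why the detector watches the submitted login name rather than waiting for an LDAP-side error.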

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      5.3     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd         v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:N/I:P/A:N
vulncheck             4.3     MEDIUM
cisa                  5.3     MEDIUM