Overview
- Description
- Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Known exploits
Data from CISA
- Vulnerability name
- SolarWinds Serv-U Improper Input Validation Vulnerability
- Exploit added on
- Jan 21, 2022
- Exploit action due
- Feb 4, 2022
- Required action
- Apply updates per vendor instructions.
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB4EF8F3-F239-464D-B0AA-3119A5CCF12E",
"versionEndExcluding": "15.3"
}
],
"operator": "OR"
}
]
}
]