CVE-2021-35250

HIGH7.5

Public PoC

Description

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

SolarWinds / Serv-U15.3 only – 15.3 Hotfix 1

Exploits & PoCs

nucleiSolarWinds Serv-U 15.3 - Directory Traversalby johnk3r,pdteam

References

MISChttps://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-3-HotFix-1?language=en_US
VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250