CVE-2021-35247

MEDIUM Year: 2021
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

Related Vulnerabilities

CVE-2009-1197

MEDIUM
CVSS:5.3(Medium)

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

CWE-202009

CVE-2010-3667

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.

CWE-202010

CVE-2011-2902

MEDIUM
CVSS:5.3(Medium)

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary fil...

CWE-202011

CVE-2013-4101

MEDIUM
CVSS:5.3(Medium)

Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness

CWE-202013

CVE-2014-0091

MEDIUM
CVSS:5.3(Medium)

Foreman has improper input validation which could lead to partial Denial of Service

CWE-202014

CVE-2014-1935

MEDIUM
CVSS:5.3(Medium)

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

CWE-202014