Описание
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.
Ссылки
- Release NotesVendor Advisory
- Broken LinkVendor Advisory
- Release NotesVendor Advisory
- Broken LinkVendor Advisory
- US Government Resource
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
Serv-U web login screen was allowing characters that were not sanitized by the authentication mechanism. SolarWinds has updated the authentication mechanism to remedy this issue and prevent unauthorized parameters to be used in the Serv-U login screen With the Log4j issue in the wild, input fields across the internet have been tested for vulnerability. Although Serv-U was not affected by the log4j issue, It was discovered that better input validation could be implemented.
Уязвимости функции веб-аутентификации файлового сервера SolarWinds Serv-U File Server, позволяющая нарушителю повысить свои привилегии
EPSS
4.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2