CVE-2021-35252

Опубликовано: 16 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

Ссылки

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252
Third Party Advisory
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm
Release Notes
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252
Patch
Vendor Advisory
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35252
Third Party Advisory
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-2_release_notes.htm
Release Notes
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35252
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

Версия до 15.3.2 (исключая)

EPSS

Процентиль: 54%

0.00317

Низкий

7.5 High

CVSS3

Дефекты

CWE-798

CWE-287

Связанные уязвимости

GHSA-4wvf-2vqw-mj6r