Broken Access Control Vulnerability for Serv-U

(CVE-2021-35245)

Summary

When a user has admin rights in Serv-U Console, the user can move, create, and delete any files that are able to be accessed on the Serv-U host machine.

Affected Products

Serv-U 15.2.4 HF1 and previous versions

Fixed Software Release

Serv-U 15.2.5

Advisory Details

Severity

8.4 High

Advisory ID

CVE-2021-35245

First Published

12/02/2021

Last Updated

12/02/2021

Fixed Version

Serv-U 15.2.5

CVSS Score

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:
C/C:H/I:H/A:H