Broken Access Control Vulnerability for Serv-U
(CVE-2021-35245)
Summary
When a user has admin rights in Serv-U Console, the user can move, create, and delete any files that are able to be accessed on the Serv-U host machine.
Affected Products
- Serv-U 15.2.4 HF1 and previous versions
Fixed Software Release
- Serv-U 15.2.5
Advisory Details
Severity
8.4 High
Advisory ID
First Published
12/02/2021
Last Updated
12/02/2021
Fixed Version
Serv-U 15.2.5