Broken Access Control Vulnerability for Serv-U (CVE-2021-35245)

Summary

A user with admin rights in the Serv-U Console can move, create, and delete any files that are accessible on the Serv-U host machine.

Affected Products

  • Serv-U 15.2.4 HF1 and previous versions

Fixed Software Release

  • Serv-U 15.2.5

Advisory Details

  • Severity: 8.4 High
  • Advisory ID:
  • First Published: 12/02/2021
  • Last Updated: 12/02/2021
  • Fixed Version: Serv-U 15.2.5