Broken Access Control Vulnerability for Serv-U (CVE-2021-35245)

Summary

A user with admin rights in the Serv-U Console can move, create, and delete any file that is accessible on the Serv-U host machine.

Affected Products

  • Serv-U 15.2.4 HF1 and previous versions

Fixed Software Release

  • Serv-U 15.2.5

Advisory Details

Severity: High
Advisory ID:
First Published: 12/02/2021
Last Updated: 12/02/2021
Fixed Version: Serv-U 15.2.5
CVSS Score: