Directory Transversal Vulnerability in Serv-U 15.3 (CVE-2022-35250)

Summary

An external security researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. If exploited, this vulnerability could allow access to files relating to the Serv-U installation and server files. It is important to note no exploits of this vulnerability have been reported in the wild.

Affected Products

Only Serv-U version 15.3

Fixed Software Release

Serv-U 15.3 HF 1

Acknowledgments

SolarWinds would like to thank the external security researcher who reported this issue and is cooperating with SolarWinds on responsible disclosure best practices.

Advisory Details

Severity

High

Advisory ID

CVE-2021-35250

First Published

03/02/2022

Last Updated

03/02/2022

Fixed Version

Serv-U 15.3 HF 1

CVSS Score

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:
N/A:N

Download PDF

Send an Email