What the vulnerability does
01Description
When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.
CVE-2021-35245
HIGH
CVE-2021-35245: Broken Access Control Vulnerability for SolarWinds Serv-U
CVSS base score
8.4/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
December 6, 2021
CVE published
September 17, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-3325 iteaj iboot 物联网网关 Admin Password pwd access control
CVE-2020-3482 Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability
CVE-2025-27738 Windows Resilient File System (ReFS) Information Disclosure Vulnerability
CVE-2026-32769 Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace
CVE-2023-2944 Improper Access Control in openemr/openemr
