CVE-2021-35247 MEDIUM

CVE-2021-35247: Improper Input Validation Vulnerability in Serv-U

Vendor Solarwinds

Product Serv-U

Weakness CWE-20 · Input validation

KEV Status Known Exploited

Published January 7, 2022

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

January 7, 2022 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-35247 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2021-35247

Related vulnerabilities

Identifiers

CVE CVE-2021-35247

CWE CWE-20

CVSS 4.3 / MEDIUM

Affected versions