Main Vulnerability Database SB2022011720

SB2022011720 - LDAP injection in SolarWinds Serv-U

Published: January 17, 2022

Security Bulletin ID SB2022011720

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) LDAP injection (CVE-ID: CVE-2021-35247)

CWE-ID: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear

The vulnerability allows a remote attacker to send unexpected characters to the LDAP server.

The vulnerability exists due to improper input validation when processing DLAP queries in Serv-U web login screen. A remote non-authenticated attacker can send a specially crafted request that can bypass implemented filtration and influence the initial LDAP query.

Note: No downstream affect has been detected as the LDAP servers ignored improper characters.

Remediation

Install update from vendor's website.

References

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247