
CVE-2021-35247

Severity: Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 10 January 2022
Modified: 27 October 2025
KEV Added: 21 January 2022
Patch
CVSS Score (v3.1): 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0534 (90.3rd percentile)
Risk Priority: 32 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-35247 is a medium-severity Improper Input Validation (CWE-20) vulnerability in SolarWinds Serv-U. Its CVSS base score is 4.3 (Medium).

Operationally, it ranks in the top 9.7% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability in CVE-2021-35247 is improper input validation affecting the web login screen's LDAP authentication mechanism in SolarWinds Serv-U. The component failed to sufficiently sanitize characters submitted during authentication, although the vendor notes that downstream LDAP servers ignored the improper input and no further impact was observed in practice. The issue is tracked under CWE-20 with a CVSS 3.1 score of 4.3.

An unauthenticated attacker can exploit the flaw over the network by supplying crafted input to the login interface; exploitation requires user interaction, such as a victim clicking a malicious link. Successful exploitation yields limited integrity impact while leaving confidentiality and availability unaffected.

SolarWinds Serv-U release notes for version 15.3 and the associated security advisory state that the input mechanism now performs additional validation and sanitization. The vendor recommends that all customers schedule an update to the latest Serv-U version to ensure proper validation regardless of LDAP server behavior. The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
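The validation and sanitization that SI-10 calls for, shown as an added example written for this page (not SolarWinds code): an allowlist check on the login name followed by RFC 4515 escaping of the value before it is placed in an LDAP search filter, beside the raw-concatenation shape the advisory describes. The attribute name `uid` and the allowed character set are assumptions for the example.

```python
import re

# Assumed allowlist for a login name: letters, digits and a few separators.
# Anything outside this set never reaches the directory at all.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")

# RFC 4515 section 3: these characters must be written as \XX (two hex
# digits) inside an assertion value or they change the filter's structure.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\0": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def validate_username(name: str) -> bool:
    """Allowlist check: True only if every character is in the expected set."""
    return USERNAME_RE.fullmatch(name) is not None


def build_user_filter(name: str, attr: str = "uid") -> str:
    """Hardened lookup filter: reject names outside the allowlist, then
    escape whatever remains so the value is matched literally."""
    if not validate_username(name):
        raise ValueError("login name contains characters outside the allowed set")
    return f"({attr}={escape_filter_value(name)})"


def unsafe_user_filter(name: str, attr: str = "uid") -> str:
    """The 'before' shape: the submitted name is concatenated into the filter
    with no validation or escaping, so filter metacharacters are interpreted."""
    return f"({attr}={name})"


if __name__ == "__main__":
    # Constructed sample inputs: a normal name and one carrying a wildcard.
    print(build_user_filter("jsmith"))          # (uid=jsmith)
    print(unsafe_user_filter("j*"))             # (uid=j*)  -- a wildcard match
    print(escape_filter_value("j*"))            # j\2a     -- matched literally
```

Escaping alone is enough for correctness of the filter; the allowlist is the additional layer that lets the login code fail closed on unexpected input regardless of how the downstream LDAP server treats it.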


Vulnerability details

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream effect has been detected as the LDAP servers ignored improper characters. To ensure proper input validation is completed in all environments, SolarWinds recommends scheduling an update to the latest version of Serv-U.

CWE(s): CWE-20 (Improper Input Validation)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: solarwinds
Product: serv-u
Versions: ≤ 15.3

Mitigating Controls (NIST 800-53 r5)

- prevent (SI-10, Information Input Validation): Directly requires validation and sanitization of all input to the Serv-U web login LDAP interface, eliminating the unsanitized characters that constitute the CVE-2021-35247 flaw.

- prevent (SI-2, Flaw Remediation): Mandates timely application of the vendor patch (Serv-U 15.3+) that implements the additional input validation and sanitization required to close this vulnerability.

- detect: Requires scanning to identify the presence of the vulnerable Serv-U version so the flaw can be located and remediated before exploitation.
