SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks

January 20, 2022 

SolarWinds released an update addressing an improper input validation vulnerability in Serv-U. 

The vulnerability has been actively exploited by threat actors to spread Log4J attacks to internal network devices. 

The Vulnerability

  • CVE-2021-35247 (CVSS 3.1: 4.3) – Improper Input Validation: The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. 

Affected Versions

  • Serv-U 15.2.5 and previous versions. 

Fixed Versions

  • Serv-U 15.3. 


CYREBRO recommends that those who are using SolarWinds Serv-U update the product to version 15.3. 

Source: SolarWinds Advisory 

Sign Up for Updates