{"vulnerability": "CVE-2021-3524", "sightings": [{"uuid": "4e3bb4a0-8c5c-49c8-9dcc-d991d1d6ad4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/94ed671e-799d-455e-bbec-1cdbebf05cdc", "content": "", "creation_timestamp": "2026-02-02T12:28:26.892850Z"}, {"uuid": "60579e76-9a5e-4eba-bf02-5a8c3a35974b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "seen", "source": "https://t.me/arpsyndicate/804", "content": "#ExploitObserverAlert\n\nCVE-2021-35247\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2021-35247. Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. 
SolarWinds recommends scheduling an update to the latest version of Serv-U.\n\nFIRST-EPSS: 0.008090000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-11-30T08:51:50.000000Z"}, {"uuid": "574abb43-3d6d-48da-9aa3-883df3c606e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "seen", "source": "https://t.me/true_secator/2540", "content": "SolarWinds has fixed a Serv-U vulnerability that attackers were actively using to carry out Log4j attacks on internal devices in the network.\n \nCVE-2021-35247 was discovered by security researcher Jonathan Bar Or of Microsoft while monitoring attacks that used previously undisclosed vulnerabilities in the Log4j library.\n 
\nThe input validation vulnerability allows attackers to build a query from some input and send it unvalidated. The Serv-U web login screen for LDAP authentication allowed characters that were not sufficiently sanitized.\n \nThe bug was fixed with the release of the new Serv-U version 15.3, with an updated input mechanism that includes additional validation and sanitization. 
The company also published a corresponding advisory on CVE-2021-35247.\n \nThe developer disputed Microsoft's findings, arguing that the LDAP servers ignored the invalid characters, which on the whole contradicts Microsoft's reports.\n \nSo at this point it is unclear whether the attackers ultimately exploited the vulnerability during the Log4j attacks, as Microsoft asserts, or failed. 
Given SolarWinds' notorious background, Microsoft's reports still seem more plausible.  But we'll see.", "creation_timestamp": "2022-01-20T14:25:36.000000Z"}, {"uuid": "d3d132d4-72d1-4843-b618-18ccc134b721", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "exploited", "source": "https://t.me/thehackernews/1808", "content": "Microsoft has detected hackers exploiting a new zero-day vulnerability (CVE-2021-35247) in SolarWinds Serv-U software related to Log4j attacks.\n\nRead: https://thehackernews.com/2022/01/microsoft-hackers-exploiting-new.html\n\nServ-U version 15.3 has been released to patch the issue.", "creation_timestamp": "2022-01-20T06:00:50.000000Z"}, {"uuid": "2a58f8d9-babb-4416-ab47-cafeaf2d2aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2021-35247", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=727", "content": "", "creation_timestamp": "2022-01-24T04:00:00.000000Z"}, {"uuid": "547ca9bc-88f6-4fdd-92d6-133491768c68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "seen", "source": "https://t.me/arpsyndicate/1457", "content": "#ExploitObserverAlert\n\nCVE-2021-35247\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-35247. 
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper characters. To insure proper input validation is completed in all environments. SolarWinds recommends scheduling an update to the latest version of Serv-U.\n\nFIRST-EPSS: 0.008090000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T10:40:28.000000Z"}, {"uuid": "61cb8d4a-51d9-471b-9244-191213e52422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35246", "type": "seen", "source": "https://t.me/cibsecurity/53446", "content": "\u203c CVE-2021-35246 \u203c\n\nThe application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T20:14:02.000000Z"}, {"uuid": "1be9832f-9a05-4c71-8e2d-01bb103cf702", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35243", "type": "seen", "source": "https://t.me/cibsecurity/34596", "content": "\u203c CVE-2021-35243 \u203c\n\nThe HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.6 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. 
Improper use of these methods may lead to a loss of integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-23T22:19:54.000000Z"}, {"uuid": "f0d7aed3-791c-4803-9d71-8f9e6d831e01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35240", "type": "seen", "source": "https://t.me/cibsecurity/28121", "content": "\u203c CVE-2021-35240 \u203c\n\nA security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-31T20:34:01.000000Z"}, {"uuid": "5c8880b1-2109-40eb-b870-be57d4641725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "b226e043-8e66-4dca-b192-0b1096a3bc92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35246", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13507", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-35246\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The application fails to prevent users from connecting to it over unencrypted connections. 
An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.\n\ud83d\udccf Published: 2022-11-23T16:48:18.061Z\n\ud83d\udccf Modified: 2025-04-25T18:18:44.414Z\n\ud83d\udd17 References:\n1. https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246\n2. https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm\n3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246", "creation_timestamp": "2025-04-25T19:07:32.000000Z"}, {"uuid": "5409ef82-d6ab-4700-829a-ce102c2a688d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35248", "type": "seen", "source": "https://t.me/cibsecurity/34303", "content": "\u203c CVE-2021-35248 \u203c\n\nIt has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-21T00:11:29.000000Z"}, {"uuid": "cf10463d-65d7-4a4d-81db-e7cbb1bf298c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35242", "type": "seen", "source": "https://t.me/cibsecurity/33394", "content": "\u203c CVE-2021-35242 \u203c\n\nServ-U server responds with valid CSRFToken when the request contains only Session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-06T20:20:51.000000Z"}, {"uuid": "947859d2-8a3b-4852-9838-2d1271d6c1d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35245", "type": "seen", "source": "https://t.me/cibsecurity/33397", "content": 
"\u203c CVE-2021-35245 \u203c\n\nWhen a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-06T20:20:54.000000Z"}, {"uuid": "4be4ad9c-2807-445b-b49b-b7bbd5086bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971224", "content": "", "creation_timestamp": "2024-12-24T20:26:07.909014Z"}, {"uuid": "5d804e80-ce8a-4bad-b549-1e5bf57cc1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:30.000000Z"}, {"uuid": "4a8c59cf-1562-4782-aa5b-63659bb81e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35247", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/94ed671e-799d-455e-bbec-1cdbebf05cdc", "content": "", "creation_timestamp": "2026-02-02T12:28:26.892850Z"}]}