CyberSec.Space Logo
Back to CVE Browser

CVE-2021-35211

Known Exploited (CISA KEV)CRITICAL
9.0
CVSS Severity Score
EPSS Score80.4590%
EPSS Percentile92.35th
PublishedJul 14, 2021
Last ModifiedOct 27, 2025

Vulnerability Description

Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.

Affected Platforms (CPE)

πŸ“¦
Solarwinds

Serv U

< 15.2.3
πŸ“¦
Solarwinds

Serv U

= 15.2.3
πŸ“¦
Solarwinds

Serv U

= 15.2.3

References & Advisories

πŸ”— https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit
πŸ”— https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
πŸ”— https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit
πŸ”— https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35211

Related Vulnerabilities

CVE-2004-033010.0

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argu...

CVE-2019-1302010.0

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse....

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-253210.0

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute ...