SolarWinds Serv-U vulnerability exploited to deliver Log4j attack
THREAT LEVEL: Red.
SolarWinds Serv-U is affected by a vulnerability (CVE-2021-35247) caused by improper input validation when processing LDAP queries in the Serv-U web login screen. Serv-U versions up to 15.2.5 are affected by this flaw, which was fixed in version 15.3.
A threat actor used this vulnerability to send a manipulated LDAP query containing unsanitized data to Serv-U in an attempt to exploit the Log4j vulnerability. The attempt failed because Serv-U does not use Log4j code and the authentication target, LDAP (Microsoft Active Directory), is not vulnerable to Log4j attacks.
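The class of input validation described above, as an added example (not SolarWinds code and not part of the original advisory): a login name is checked against an allow-list and escaped per RFC 4515 before it is placed in an LDAP search filter, and lookup-style `${` tokens are flagged for alerting. The function names, the allow-list policy and the `sAMAccountName` filter are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: these characters must be escaped as \XX inside a filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumed policy for this example: 1-64 characters of letters, digits and . _ @ -
_ALLOWED_LOGIN = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Lookup-style tokens ("${...") have no place in a login name; flag them for alerting.
_LOOKUP_TOKEN = re.compile(r"\$\{")


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def classify_login(name: str) -> str:
    """Return 'ok', 'suspicious' (lookup token present) or 'rejected'."""
    if _LOOKUP_TOKEN.search(name):
        return "suspicious"
    if _ALLOWED_LOGIN.fullmatch(name):
        return "ok"
    return "rejected"


def build_user_filter(name: str) -> str:
    """Build the search filter only for names that pass validation."""
    if classify_login(name) != "ok":
        raise ValueError("login name failed validation")
    # Escaping is kept even after the allow-list, as defence in depth.
    return f"(&(objectClass=user)(sAMAccountName={escape_ldap_filter_value(name)}))"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real log.
    samples = ["alice", "bob@example.com", "*)(objectClass=*",
               "${jndi:ldap://example.invalid/a}"]
    for s in samples:
        print(f"{s!r:40} -> {classify_login(s)}")
```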
HivePro threat researchers advise customers to patch the vulnerability using the link given below.
Vulnerability Details
![](https://i0.wp.com/www.hivepro.com/wp-content/uploads/2022/01/SolarWinds-Serv-U-vulnerability-exploited-to-deliver-Log4j-attack_VD.png?resize=640%2C133&ssl=1)
Patch Link
https://documentation.solarwinds.com/en/success_center/servu/content/servu-iug-upgrade.htm
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
https://threatpost.com/microsoft-log4j-attackssolarwinds-serv-u-bug/177824/