Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 4, 2022

CVE-2021-35247

High
EPSS 3.0% | CISA KEV
SolarWinds/Serv-U

Description

SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.

EPSS — Exploit Probability

3.0%

Higher than 86.4% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-35247

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity: High
EPSS: 3.0%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published: Jan 21, 2022

Added to KEV: Jan 21, 2022

Remediation Due: Feb 4, 2022

Affected Product

SolarWinds

Serv-U
