CVE-2021-35242

Summary

Serv-U server responds with valid CSRFToken when the request contains only Session.

Affected Software

VendorProductVersion RangeStatus
SolarWindsServ-U Server15.2.4 Hotfix 1 and previous versions < 15.2.5affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References