CVE-2021-35249 - OpenCVE

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Solarwinds	Serv-u

Configuration 1 [-]

cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm	Release Notes Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SolarWinds

Published: 2022-05-17T00:00:00

Updated: 2022-05-17T19:44:55

Reserved: 2021-06-22T00:00:00

Link: CVE-2021-35249

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-17T20:15:07.997

Modified: 2022-10-27T11:57:12.037

Link: CVE-2021-35249

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Serv-U", "vendor": "SolarWinds", "versions": [{"lessThan": " 15.3.1 ", "status": "affected", "version": "15.3 and previous versions ", "versionType": "custom"}]}], "datePublic": "2022-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-17T19:44:55", "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249"}, {"tags": ["x_refsource_MISC"], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm"}], "solutions": [{"lang": "en", "value": "Serv-U Customers are advised to upgrade to the fix-version once it becomes generally available on May 17, 2022."}], "source": {"defect": ["CVE-2021-35249"], "discovery": "EXTERNAL"}, "title": "Domain Admin Broken Access Control", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@solarwinds.com", "DATE_PUBLIC": "2022-05-17T10:32:00.000Z", "ID": "CVE-2021-35249", "STATE": "PUBLIC", "TITLE": "Domain Admin Broken Access Control"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Serv-U", "version": {"version_data": [{"version_affected": "<", "version_name": "15.3 and previous versions ", "version_value": " 15.3.1 "}]}}]}, "vendor_name": "SolarWinds"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249", "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249"}, {"name": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm", "refsource": "MISC", "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm"}]}, "solution": [{"lang": "en", "value": "Serv-U Customers are advised to upgrade to the fix-version once it becomes generally available on May 17, 2022."}], "source": {"defect": ["CVE-2021-35249"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "cveId": "CVE-2021-35249", "datePublished": "2022-05-17T00:00:00", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2022-05-17T19:44:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*", "matchCriteriaId": "340F413D-1CEE-4583-A26B-FDF0A8E30812", "versionEndExcluding": "15.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation). This UAC issue leads to a data leak to unauthorized users for a domain, with no log of them accessing the data unless they attempt to modify it. This read-only activity is logged to the original domain and does not specify which domain was accessed."}, {"lang": "es", "value": "Esta vulnerabilidad de control de acceso roto es referida espec\u00edficamente a un administrador de dominio que puede acceder a los datos de configuraci\u00f3n y de usuario de otros dominios a los que no deber\u00eda tener acceso. Tenga en cuenta que el administrador no puede modificar los datos (operaci\u00f3n de s\u00f3lo lectura). Este problema de UAC conlleva a un filtrado de datos a usuarios no autorizados de un dominio, sin que sea registrado su acceso a los datos a menos que intenten modificarlos. Esta actividad de s\u00f3lo lectura es registrada en el dominio original y no especifica a qu\u00e9 dominio ha sido accedido"}], "id": "CVE-2021-35249", "lastModified": "2022-10-27T11:57:12.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@solarwinds.com", "type": "Secondary"}]}, "published": "2022-05-17T20:15:07.997", "references": [{"source": "psirt@solarwinds.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-3-1_release_notes.htm"}, {"source": "psirt@solarwinds.com", "tags": ["Vendor Advisory"], "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35249"}], "sourceIdentifier": "psirt@solarwinds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@solarwinds.com", "type": "Secondary"}]}