vulnerability

SolarWinds Serv-U: CVE-2021-3154: Improper Neutralization of Special Elements in Output Used by a Downstream Component

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	May 4, 2021	Aug 6, 2025	Aug 6, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

May 4, 2021

Added

Aug 6, 2025

Modified

Aug 6, 2025

Description

An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.

Solution

solarwinds-serv-u-upgrade-latest

References

CWE-74
CVE-2021-3154
https://attackerkb.com/topics/CVE-2021-3154
https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-2_release_notes.htm

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report