vulnerability

SolarWinds Serv-U: CVE-2021-35249: Domain Admin Broken Access Control

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	May 17, 2022	Aug 1, 2025	Aug 1, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

May 17, 2022

Added

Aug 1, 2025

Modified

Aug 1, 2025

Description

This broken access control vulnerability pertains specifically to a domain admin who can access configuration and user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read only operation).

Solution

solarwinds-serv-u-upgrade-latest

References

CWE-284
CVE-2021-35249
https://attackerkb.com/topics/CVE-2021-35249
URL-https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35249

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today