CVE-2021-35242 – A valid CSRF token is present in response to an invalid request
https://notcve.org/view.php?id=CVE-2021-35242
Serv-U server responds with a valid CSRFToken when the request contains only Session. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-5_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-35245 – Broken Access Control Vulnerability for SolarWinds Serv-U
https://notcve.org/view.php?id=CVE-2021-35245
When a user has admin rights in Serv-U Console, the user can move, create and delete any files that can be accessed on the Serv-U host machine. • https://documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-5_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35245 • CWE-284: Improper Access Control