On Friday, July 9, 2021, SolarWinds issued CVE-2021-35211 related to a vulnerability in Serv-U Managed File Transfer Server and Serv-U Secured FTP. We have released a hotfix to resolve this vulnerability and encourage customers to update as soon as possible.
The vulnerability exists in the latest Serv-U version 15.2.3 HF1, and all prior versions. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.
For more information, please see our Trust Center.