QSearchQSearch

CVE-2021-3154

7.5 HIGH

An issue was discovered in SolarWinds Serv-U before 15.2.2

Published: 2021-05-04 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-74

Affected products

VendorProduct
solarwindsserv-u

Description

An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-28318 SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-En... (7.5 HIGH)
  • CVE-2026-28299 SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Des... (8.2 HIGH)
  • CVE-2021-3109 The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrat... (4.8 MEDIUM)

Same CWE

  • CVE-2026-12223 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
  • CVE-2026-12219 A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
  • CVE-2026-12206 A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
  • CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
  • CVE-2026-12188 A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)