A security vulnerability has been detected in the Serv-U FTP Server file sharing solution developed by SolarWinds, allowing remote threat actors to perform Path Traversal attacks on the vulnerable system.
The vulnerability, tracked as CVE-2021-35250, exists due to a validation error when processing migration sequences. Successfully exploiting a vulnerability could allow access to files on the system.
The high severity vulnerability only affects Serv-U FTP Server version 15.3. SolarWinds has released updates that fix the vulnerability and other issues. Users using the vulnerable version are advised to immediately apply the updates that fix the vulnerability.