Microsoft researchers have discovered a previously undisclosed vulnerability in the SolarWinds Serv-U software while monitoring threats related to Log4J vulnerabilities.
Jonathan Bar Or explained on Twitter that while he was hunting for a Log4J exploit attempt, he noticed attacks coming from serv-u.exe.
“Taking a closer look revealed you could feed Serv-U with data and it’ll build a LDAP query with your unsanitized input! This could be used for log4j attack attempts, but also for LDAP injection,” he wrote.
Source: ZDNet

