Enhancement: cves/2021/CVE-2021-35250.yaml by md

cves/2021/CVE-2021-35250.yaml

@@ -5,18 +5,19 @@ info:
   author: johnk3r,pdteam
   severity: high
   description: |
-    A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
+    SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://github.com/rissor41/SolarWinds-CVE-2021-35250
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-35250
     - https://support.solarwinds.com/SuccessCenter/s/article/Serv-U-15-3-HotFix-1?language=en_US
     - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35250
     - https://twitter.com/shaybt12/status/1646966578695622662?s=43&t=5HOgSFut7Y75N7CBHEikSg
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-35250
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2021-35250
     cwe-id: CWE-22
+  remediation: Resolved in Serv-U 15.3 Hotfix 1.
   metadata:
     shodan-query: product:"Rhinosoft Serv-U httpd"
   tags: cve,cve2021,solarwinds,traversal
@@ -40,3 +41,5 @@ requests:
       - type: status
         status:
           - 401
+
+# Enhanced by md on 2023/04/20