New SolarWinds Serv-U vulnerability targeted in Log4j-related attacks

siteadmin January 20, 2022

Hackers are exploiting the recent Log4j vulnerabilities and an undisclosed vulnerability in the SolarWinds Serv-U software (CVE-2021-35247), which affects versions 15.2.5 and earlier. The vulnerability, patched in version 15.3, allows attackers to send unsanitized input over the network. SolarWinds has refuted claims made by a Microsoft researcher, stating that LDAP servers ignored the improper characters, thereby negating any downstream impact.