
Cloud Vulnerability DB
A community-led vulnerabilities database
SolarWinds Serv-U contains a critical memory escape vulnerability (CVE-2021-35211) that allows remote code execution. The vulnerability was discovered in July 2021 and affects the SSH component of Serv-U, which is used for secure file transfers using SCP. This vulnerability was reported to SolarWinds by Microsoft and has been actively exploited in the wild (Censys Report).
The vulnerability exists in the SSH component of Serv-U and involves a memory escape condition that can lead to remote code execution. According to the analysis, over 8,300 SolarWinds SSH services were found exposed to the internet, with a significant presence in China and the US. The vulnerability is classified under CWE-787, which relates to memory corruption (CISA KEV).
If Serv-U's SSH is exposed to the internet, successful exploitation would give attackers the ability to remotely run arbitrary code with privileges. This access allows attackers to perform malicious actions such as installing and running malicious payloads, or viewing and modifying data (Censys Report).
SolarWinds has released hotfix 15.2.3 HF2 to address this vulnerability. Organizations are advised to either apply this hotfix or block internet access to mitigate CVE-2021-35211. Additionally, it is recommended to perform forensic analysis on any Serv-U host that has exposed SSH to the internet (Censys Report).
Source: This report was generated using AI