Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets.
Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an ” input validation vulnerability that could allow attackers to build a query given some input and send that