Microsoft researchers tracking Apache Log4j exploits last week discovered a previously undisclosed vulnerability in SolarWinds’ Serv-U software. The vulnerability is an input validation vulnerability that could allow attackers to build a query given some input and send that query over the network without sanitation. Security experts praise the disclosure-to-patch process on this case, which took two days, was impressive. The Dutch National Cyber Security Center issued a stark warning last week: Don’t lose sight of the exploits, as more attacks are likely to be carried out.”]
Source: https://www.cuinfosecurity.com/microsoft-finds-solarwinds-vulnerability-amid-log4j-search-a-18369