CVE-2021-35216

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:patch_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:12

Type Values Removed Values Added
References () https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm - Release Notes, Vendor Advisory () https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm - Release Notes, Vendor Advisory
References () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 - Patch, Vendor Advisory () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 - Patch, Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ - Third Party Advisory, VDB Entry
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 8.9

Information

Published : 2021-09-01 15:15

Updated : 2024-11-21 06:12


NVD link : CVE-2021-35216

Mitre link : CVE-2021-35216

CVE.ORG link : CVE-2021-35216


JSON object : View

Products Affected

solarwinds

  • patch_manager
CWE
CWE-502

Deserialization of Untrusted Data