Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
References
Link | Resource |
---|---|
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ | Third Party Advisory VDB Entry |
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 06:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm - Release Notes, Vendor Advisory | |
References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 - Patch, Vendor Advisory | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.9 |
Information
Published : 2021-09-01 15:15
Updated : 2024-11-21 06:12
NVD link : CVE-2021-35216
Mitre link : CVE-2021-35216
CVE.ORG link : CVE-2021-35216
JSON object : View
Products Affected
solarwinds
- patch_manager
CWE
CWE-502
Deserialization of Untrusted Data