Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server.
References
Link | Resource |
---|---|
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm | Not Applicable Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1248/ | Third Party Advisory VDB Entry |
History
21 Nov 2024, 06:12
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 6.5 v3 : 8.9 |
References | () https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm - Not Applicable, Vendor Advisory | |
References | () https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218 - Vendor Advisory | |
References | () https://www.zerodayinitiative.com/advisories/ZDI-21-1248/ - Third Party Advisory, VDB Entry |
Information
Published : 2021-09-01 15:15
Updated : 2024-11-21 06:12
NVD link : CVE-2021-35218
Mitre link : CVE-2021-35218
CVE.ORG link : CVE-2021-35218
Products Affected
solarwinds
- orion_platform
CWE
CWE-502
Deserialization of Untrusted Data