Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
References
Link | Resource |
---|---|
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ | Third Party Advisory VDB Entry |
Configurations
History
03 Nov 2021, 20:23
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ - Third Party Advisory, VDB Entry |
28 Oct 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Sep 2021, 01:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.8 |
CWE | CWE-502 | |
CPE | cpe:2.3:a:solarwinds:patch_manager:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 - Patch, Vendor Advisory | |
References | (MISC) https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm - Release Notes, Vendor Advisory |
01 Sep 2021, 15:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-01 15:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-35216
Mitre link : CVE-2021-35216
CVE.ORG link : CVE-2021-35216
JSON object : View
Products Affected
solarwinds
- patch_manager
CWE
CWE-502
Deserialization of Untrusted Data