CVE-2021-35216

Published: Sep 1, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.

Affected (1)

Products: Solarwinds: Patch Manager

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Patch Manager	Before 2020.2.6

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216

Source: psirt@solarwinds.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1246/

Source: psirt@solarwinds.com

Third Party AdvisoryVDB Entry

https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1246/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.