← Zuruck zu CVEs
CVE-2021-35216
HIGH8.9
Beschreibung
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
CVE Details
CVSS v3.1 Bewertung8.9
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht9/1/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
solarwinds:patch_manager
Schwachen (CWE)
CWE-502CWE-502
Referenzen
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm(psirt@solarwinds.com)
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216(psirt@solarwinds.com)
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/(psirt@solarwinds.com)
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm(af854a3a-2127-422b-91ae-364da2661108)
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216(af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.