← Back to CVEs
CVE-2021-35216
HIGH8.9
Description
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
CVE Details
CVSS v3.1 Score8.9
SeverityHIGH
CVSS VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Attack VectorADJACENT_NETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published9/1/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
solarwinds:patch_manager
Weaknesses (CWE)
CWE-502CWE-502
References
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm(psirt@solarwinds.com)
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216(psirt@solarwinds.com)
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/(psirt@solarwinds.com)
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm(af854a3a-2127-422b-91ae-364da2661108)
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216(af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.