Description
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low
Affected products
- SolarWinds / Orion Platform2020.2.5 and previous versions – 2020.2.6
References
- MISChttps://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
- VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
- MISChttps://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
- VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-21-1245/