CVE-2021-35216

HIGH8.9

High EPSS

Description

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Affected products

SolarWinds / Patch Manager2020.2.5 and previous versions. – 2020.2.6

References

MISChttps://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm
VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216
VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-21-1246/