CVE-2021-35216

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.9 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
SolarWindsCNA
8.9 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
solarwindspatch_manager
𝑥
< 2020.2.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/