Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
References
Link | Resource |
---|---|
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2021-09-01 08:15
Updated : 2021-11-03 13:23
NVD link : CVE-2021-35216
Mitre link : CVE-2021-35216
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
solarwinds
- patch_manager