Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server.
References
| Link | Resource |
|---|---|
| https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm | Not Applicable, Vendor Advisory |
| https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1248/ | Third Party Advisory, VDB Entry |
Information
Published : 2021-09-01 08:15
Updated : 2021-11-03 13:23
NVD link : CVE-2021-35218
Mitre link : CVE-2021-35218
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
solarwinds
- orion_platform