Vulnerability Description
An insecure deserialization of untrusted data vulnerability, leading to remote code execution, was discovered in the Patch Manager Orion Platform Integration module. An authenticated attacker with network access via HTTP can exploit this vulnerability, which can result in remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Patch Manager | < 2020.2.6 |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/patchman/content/release_ (Release Notes, Vendor Advisory)
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216 (Patch, Vendor Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-21-1246/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-35216?
CVE-2021-35216 is a vulnerability with a CVSS score of 8.9 (HIGH). An insecure deserialization of untrusted data vulnerability, leading to remote code execution, was discovered in the Patch Manager Orion Platform Integration module. An authenticated attacker with network access via HTTP...
How severe is CVE-2021-35216?
CVE-2021-35216 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35216?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Patch Manager.