Vulnerability Description
An insecure deserialization of untrusted data remote code execution vulnerability was discovered in the Patch Manager Orion Platform Integration module and reported to us by ZDI. An authenticated attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SolarWinds | Patch Manager | <= 2020.2.5 |
Related Weaknesses (CWE)
References
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/cor (Vendor Advisory)
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/rel (Release Notes, Vendor Advisory)
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217 (Vendor Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-21-1247/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-35217?
CVE-2021-35217 is a vulnerability with a CVSS score of 8.9 (HIGH). Insecure deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker cou...
How severe is CVE-2021-35217?
CVE-2021-35217 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35217?
Check the references section above for vendor advisories and patch information. Affected products include: SolarWinds Patch Manager.