CVE-2021-35218
Summary
| CVE | CVE-2021-35218 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-01 15:15:00 UTC |
| Updated | 2021-11-03 20:23:00 UTC |
| Description | Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server. |
Risk And Classification
Problem Types: CWE-502
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Solarwinds | Orion Platform | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ZDI-21-1248 \| Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| SolarWinds Trust Center Security Advisories \| CVE-2021-35218 | MISC | www.solarwinds.com | |
| Patch Manager 2020.2.6 Release Notes | MISC | documentation.solarwinds.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Jangggggg via Trend Micro Zero Day Initiative
Legacy QID Mappings
- 376651 SolarWinds Orion Patch Manager Remote Code Execution (RCE) Vulnerability