CVE-2021-35216

HIGH

Patch Manager Orion - RCE

Title source: llm

Description

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.

References (3)

[Release Notes, Vendor Advisory] https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm

[Patch, Vendor Advisory] https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-21-1246/

Scores

CVSS v3 8.9

EPSS 0.5165

EPSS Percentile 97.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Classification

CWE

CWE-502

Status published

Affected Products (1)

solarwinds/patch_manager < 2020.2.6

Timeline

Published Sep 01, 2021

Tracked Since Feb 18, 2026