CVE-2021-35216
HIGH
SolarWinds Patch Manager < 2020.2.6 - Authenticated Remote Code Execution via Insecure Deserialization
Title source: llm
Description
An insecure deserialization of untrusted data remote code execution vulnerability was discovered in the Patch Manager Orion Platform Integration module. An authenticated attacker with network access via HTTP can exploit this vulnerability, which can result in remote code execution.
References (3)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm
Patch, Vendor Advisory x_refsource_misc
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1246/
Scores
CVSS v3: 8.9
EPSS: 0.7326
EPSS Percentile: 98.8%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Details
CWE: CWE-502
Status: published
Products (1): solarwinds/patch_manager < 2020.2.6
Published: Sep 01, 2021
Tracked Since: Feb 18, 2026