CVE-2021-35215 is a vulnerability in SolarWinds Orion Platform
Published on September 1, 2021

ActionPluginBaseView Deserialization of Untrusted Data RCE
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

LOW

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2021-35215 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2021-35215

Want to know whenever a new CVE is published for SolarWinds Orion Platform? stack.watch will email you.

SolarWinds Orion Platform

Affected Versions

SolarWinds Orion Platform:

Version 2020.2.5 and previous versions and below 2020.2.6 is affected.

Exploit Probability

EPSS

82.76%

Percentile

99.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.