CVE-2021-35216 is a vulnerability in SolarWinds Patch Manager
Published on September 1, 2021

Deserialization of Untrusted Data in Resource Controls Remote Code Execution
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

LOW

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2021-35216 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2021-35216

Want to know whenever a new CVE is published for SolarWinds Patch Manager? stack.watch will email you.

SolarWinds Patch Manager

Affected Versions

SolarWinds Patch Manager:

Version 2020.2.5 and previous versions. and below 2020.2.6 is affected.

Exploit Probability

EPSS

51.65%

Percentile

97.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.