CVE-2021-35217 is a vulnerability in SolarWinds Patch Manager
Published on September 8, 2021

Insecure Deserialization of untrusted data causing Remote code execution vulnerability.
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

LOW

Products Associated with CVE-2021-35217

Want to know whenever a new CVE is published for SolarWinds Patch Manager? stack.watch will email you.

SolarWinds Patch Manager

Affected Versions

SolarWinds Orion Platform:

Version 2020.2.5 and previous versions and below 2020.2.6 is affected.

Exploit Probability

EPSS

60.06%

Percentile

98.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-35217 is a vulnerability in SolarWinds Patch ManagerPublished on September 8, 2021

Vulnerability Analysis

Products Associated with CVE-2021-35217

Affected Versions

Exploit Probability

CVE-2021-35217 is a vulnerability in SolarWinds Patch Manager
Published on September 8, 2021