CVE-2021-35218 is a vulnerability in SolarWinds Orion Platform
Published on September 1, 2021

Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

LOW

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2021-35218 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2021-35218

Want to know whenever a new CVE is published for SolarWinds Orion Platform? stack.watch will email you.

SolarWinds Orion Platform

Affected Versions

SolarWinds Patch Manager:

Version 2020.5 and previous versions and below 2020.2.6 is affected.

Exploit Probability

EPSS

16.85%

Percentile

94.87%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.