Lucene search

SolarWindsCVELIST:CVE-2021-35218

HistorySep 01, 2021 - 2:24 p.m.

CVE-2021-35218 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

2021-09-0114:24:13

CWE-502

SolarWinds

www.cve.org

8.9 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

9.1 High

AI Score

Confidence

High

0.069 Low

EPSS

Percentile

94.0%

JSON

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Patch Manager ",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "2020.2.6",
        "status": "affected",
        "version": "2020.5 and previous versions ",
        "versionType": "custom"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/cve-2021-35218

www.zerodayinitiative.com/advisories/ZDI-21-1248/

8.9 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

9.1 High

AI Score

Confidence

High

0.069 Low

EPSS

Percentile

94.0%

JSON

Related for CVELIST:CVE-2021-35218