Lucene search
K

43 matches found

CVE
CVE
added 2021/09/08 1:15 p.m.70 views

CVE-2021-35217

SolarWinds Patch Manager contains a deserialization flaw in the WSAsyncExecuteTasks endpoint that accepts untrusted data, enabling authenticated attackers to achieve remote code execution. The issue can run code under NETWORK SERVICE by deserializing untrusted data. Affected product/module: Patch...

8.9CVSS9.1AI score0.73854EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/09/08 1:15 p.m.34 views

CVE-2021-35217 Insecure Deserialization of untrusted data causing Remote code execution vulnerability.

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data...

8.9CVSS9.3AI score0.73854EPSS
Exploits0References4
OSV
OSV
added 2021/09/01 3:15 p.m.6 views

CVE-2021-35216

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution...

8.8CVSS7.9AI score0.81402EPSS
Exploits0References3
NVD
NVD
added 2021/09/01 3:15 p.m.24 views

CVE-2021-35218

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server...

8.9CVSS0.76411EPSS
Exploits0References3
OSV
OSV
added 2021/09/01 3:15 p.m.4 views

CVE-2021-35218

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server...

8.8CVSS7.6AI score0.76411EPSS
Exploits0References3
NVD
NVD
added 2021/09/01 3:15 p.m.30 views

CVE-2021-35216

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution...

9CVSS0.81402EPSS
Exploits0References3
Prion
Prion
added 2021/09/01 3:15 p.m.15 views

Remote code execution

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution...

9CVSS9.1AI score0.81402EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/09/01 3:15 p.m.15 views

Deserialization of untrusted data

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server...

6.5CVSS8.9AI score0.76411EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/09/01 2:24 p.m.60 views

CVE-2021-35218

CVE-2021-35218 affects the SolarWinds Patch Manager Web Console Chart Endpoint. The root cause is deserialization of untrusted data, leading to remote code execution. An attacker with network access can exploit this (authentication is required in some advisories, but bypass is noted in at least o...

8.9CVSS8.9AI score0.76411EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/09/01 2:24 p.m.22 views

CVE-2021-35218 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server...

8.9CVSS9.1AI score0.76411EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/09/01 2:23 p.m.31 views

CVE-2021-35216 Deserialization of Untrusted Data in Resource Controls Remote Code Execution

Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution...

8.9CVSS9.3AI score0.81402EPSS
Exploits0References3
CVE
CVE
added 2021/09/01 2:23 p.m.70 views

CVE-2021-35216

CVE-2021-35216 affects SolarWinds Patch Manager Patch Manager Orion Platform Integration module. The issue is described as insecure deserialization of untrusted data, leading to remote code execution. The ZDI advisory specifies that the flaw exists in the EditResourceControls endpoint and enables...

9CVSS9.2AI score0.81402EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.6 views

Solarwinds Orion Platform 代码问题漏洞

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...

9CVSS8.6AI score0.81402EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.6 views

Solarwinds Orion Patch Manager Web Console 代码问题漏洞

solarwinds Patch Manager is an application from solarwinds, Inc. It is used to manage third-party software. A security vulnerability exists in the Solarwinds Orion Patch Manager Web Console that stems from. deserialization of untrusted data in the Web Console chart endpoint could lead to remote...

8.9CVSS8.5AI score0.76411EPSS
Exploits0References4
OSV
OSV
added 2021/03/29 9:15 p.m.4 views

CVE-2021-27240

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

7.8CVSS7.4AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2021/03/29 9:15 p.m.28 views

CVE-2021-27240

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

7.8CVSS0.0042EPSS
Exploits0References1
Prion
Prion
added 2021/03/29 9:15 p.m.17 views

Deserialization of untrusted data

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

7.2CVSS7.8AI score0.0042EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/03/29 9:5 p.m.56 views

CVE-2021-27240

SolarWinds Patch Manager 2020.2.1 is affected by CVE-2021-27240 due to deserialization of untrusted data in the DataGridService WCF service. The vulnerability enables local attackers who can execute low-privileged code on the target to escalate privileges to Administrator and run arbitrary code. ...

7.8CVSS7.9AI score0.0042EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/29 9:5 p.m.32 views

CVE-2021-27240

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

7.8CVSS8AI score0.0042EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/29 12:0 a.m.6 views

solarwinds Patch Manager 代码问题漏洞

solarwinds Patch Manager is an application from solarwinds, Inc. It is used to manage third-party software. A security vulnerability in SolarWinds Patch Manager 2020.2.1, which exists due to a lack of proper validation of user-supplied data, can be exploited by an attacker to escalate privileges...

7.8CVSS7.8AI score0.0042EPSS
Exploits0References2
Rows per page
Query Builder