Lucene search
K

7 matches found

BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.5 views

The vulnerability of the WSAsyncExecuteTasks component in the SolarWinds Patch Manager software allows a hacker to execute arbitrary code.

The vulnerability of the WSAsyncExecuteTasks component in the SolarWinds Patch Manager software lies in the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.9CVSS8AI score0.73854EPSS
Exploits0References6
Zero Day Initiative
Zero Day Initiative
added 2021/10/28 12:0 a.m.40 views

SolarWinds Patch Manager WSAsyncExecuteTasks Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Patch Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the WSAsyncExecuteTasks endpoint. The issue results from the lack of proper...

8.8CVSS3.9AI score0.73854EPSS
Exploits0References1
NVD
NVD
added 2021/09/08 2:15 p.m.18 views

CVE-2021-35217

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data...

8.9CVSS0.73854EPSS
Exploits0References4
OSV
OSV
added 2021/09/08 2:15 p.m.5 views

CVE-2021-35217

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data...

8.8CVSS6.4AI score0.73854EPSS
Exploits0References4
Prion
Prion
added 2021/09/08 2:15 p.m.13 views

Remote code execution

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data...

6.5CVSS8.9AI score0.73854EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/09/08 1:15 p.m.64 views

CVE-2021-35217

SolarWinds Patch Manager contains a deserialization flaw in the WSAsyncExecuteTasks endpoint that accepts untrusted data, enabling authenticated attackers to achieve remote code execution. The issue can run code under NETWORK SERVICE by deserializing untrusted data. Affected product/module: Patch...

8.9CVSS9.1AI score0.73854EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/09/08 1:15 p.m.29 views

CVE-2021-35217 Insecure Deserialization of untrusted data causing Remote code execution vulnerability.

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data...

8.9CVSS9.3AI score0.73854EPSS
Exploits0References4
Rows per page
Query Builder