3 matches found
CVE-2021-35216
CVE-2021-35216 affects SolarWinds Patch Manager Patch Manager Orion Platform Integration module. The issue is described as insecure deserialization of untrusted data, leading to remote code execution. The ZDI advisory specifies that the flaw exists in the EditResourceControls endpoint and enables...
CVE-2021-35217
SolarWinds Patch Manager contains a deserialization flaw in the WSAsyncExecuteTasks endpoint that accepts untrusted data, enabling authenticated attackers to achieve remote code execution. The issue can run code under NETWORK SERVICE by deserializing untrusted data. Affected product/module: Patch...
CVE-2021-27240
SolarWinds Patch Manager 2020.2.1 is affected by CVE-2021-27240 due to deserialization of untrusted data in the DataGridService WCF service. The vulnerability enables local attackers who can execute low-privileged code on the target to escalate privileges to Administrator and run arbitrary code. ...