Patch Manager
CVE-2021-35216
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
AnalysisAI
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution. Affected products include: Solarwinds Patch Manager.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.
More in Patch Manager
View allInsecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Plat
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today