Vulnerabilities > CVE-2021-35218 - Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm
- https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35218
- https://www.zerodayinitiative.com/advisories/ZDI-21-1248/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1248/