Vulnerabilities > CVE-2021-35218 - Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

solarwinds

CWE-502

NVD

Published: 2021-09-01

Updated: 2021-11-03

Summary

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Orion Platform 2016.1 Solarwinds Orion Platform 2016.2 Solarwinds Orion Platform 2017.1 Solarwinds Orion Platform 2017.3 Solarwinds Orion Platform 2018.2 Solarwinds Orion Platform 2018.4 Solarwinds Orion Platform 2019.2 Solarwinds Orion Platform 2019.4 Solarwinds Orion Platform 2019.4.2 Solarwinds Orion Platform 2020.2 Solarwinds Orion Platform 2020.2.1 Solarwinds Orion Platform 2020.2.4 Solarwinds Orion Platform 2020.2.5	46

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References