Описание
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-35217
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
- https://support.solarwinds.com/SuccessCenter/s/article/Patch-Manager-2020-2-6-Hotfix-1-Release-Notes?language=en_US
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217
- https://www.zerodayinitiative.com/advisories/ZDI-21-1247
Связанные уязвимости
Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
Уязвимость компонента WSAsyncExecuteTasks программного обеспечения управления патчами SolarWinds Patch Manager, позволяющая нарушителю выполнить произвольный код