Описание
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
Ссылки
- Release NotesVendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
8.9 High
CVSS3
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
Связанные уязвимости
Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
Уязвимость компонента EditResourceControls программного обеспечения управления патчами SolarWinds Patch Manager, позволяющая нарушителю выполнить произвольный код
EPSS
8.9 High
CVSS3
8.8 High
CVSS3
9 Critical
CVSS2