CVE-2021-35217

Опубликовано: 08 сент. 2021

Источник: nvd

CVSS3: 8.9

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Insecure Deseralization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module and reported to us by ZDI. An Authenticated Attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.

Ссылки

https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Vendor Advisory
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
Release Notes
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1247/
Third Party Advisory
VDB Entry
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Vendor Advisory
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
Release Notes
Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1247/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:solarwinds:patch_manager:*:*:*:*:*:*:*:*

Версия до 2020.2.5 (включая)

EPSS

Процентиль: 98%

0.60058

Средний

8.9 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-mr2h-fcf6-jvx9

github

больше 3 лет назад

BDU:2021-06252

CVSS3: 8.9

fstec

больше 4 лет назад

Уязвимость компонента WSAsyncExecuteTasks программного обеспечения управления патчами SolarWinds Patch Manager, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 98%

0.60058

Средний

8.9 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502