CVE-2021-35218
published 2021-09-01


Priority: P276, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 76.41% (99.5th percentile)
Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| solarwinds | orion_platform | < 2020.2.6 | 2020.2.6 |
| solarwinds | patch_manager | >= 2020.5 and previous versions < 2020.2.6 | 2020.2.6 |

CVSS provenance

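| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |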