cbcvebase.

SolarWinds Patch Manager vulnerabilities

4 known vulnerabilities affecting solarwinds/patch_manager.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4

Vulnerabilities

CVE-2021-35218 | P2 | HIGH | CVSS 8.8 | ≥ 2020.5 and previous versions, < 2020.2.6 | 2021-09-01
CVE-2021-35218 [HIGH] CWE-502: Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server.
nvd
CVE-2021-35216 | P2 | HIGH | CVSS 8.8 | fixed in 2020.2.6 | ≥ 2020.2.5 and previous versions, < 2020.2.6 | 2021-09-01
CVE-2021-35216 [HIGH] CWE-502: An insecure deserialization of untrusted data remote code execution vulnerability was discovered in the Patch Manager Orion Platform Integration module. An authenticated attacker with network access via HTTP can exploit this vulnerability, which can result in remote code execution.
nvd
CVE-2021-35217 | P2 | HIGH | CVSS 8.8 | ≤ 2020.2.5 | 2021-09-08
CVE-2021-35217 [HIGH] CWE-502: An insecure deserialization of untrusted data remote code execution vulnerability was discovered in the Patch Manager Orion Platform Integration module and reported to us by ZDI. An authenticated attacker could exploit it by executing WSAsyncExecuteTasks deserialization of untrusted data.
nvd
CVE-2021-27240 | P3 | HIGH | CVSS 7.8 | v2020.2.1 | 2021-03-29
CVE-2021-27240 [HIGH] CWE-502: This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from th
nvd