CVE-2021-35218

Summary

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

Affected Software

VendorProductVersion RangeStatus
SolarWindsPatch Manager2020.5 and previous versions < 2020.2.6affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References