{"containers":{"cna":{"affected":[{"product":"Orion Platform","vendor":"SolarWinds","versions":[{"lessThan":"2020.2.6","status":"affected","version":"2020.2.5 and previous versions","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Jangggggg working with Trend Micro Zero Day Initiative"}],"datePublic":"2021-09-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"An insecure deserialization of untrusted data vulnerability, leading to remote code execution, was discovered in the Patch Manager Orion Platform Integration module and reported to us by ZDI. An authenticated attacker could exploit it through WSAsyncExecuteTasks deserialization of untrusted data."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":8.9,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Insecure Deserialization of untrusted data causing Remote code execution vulnerability.","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-10-28T11:06:23.000Z","orgId":"49f11609-934d-4621-84e6-e02e032104d6","shortName":"SolarWinds"},"references":[{"tags":["x_refsource_MISC"],"url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"},{"tags":["x_refsource_MISC"],"url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"},{"tags":["x_refsource_MISC"],"url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"},{"tags":["x_refsource_MISC"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"}],"solutions":[{"lang":"en","value":"SolarWinds recommends upgrading to both the latest version of Patch Manager and Orion 
Integration Module as soon as it becomes available."}],"source":{"discovery":"UNKNOWN"},"title":"Insecure Deserialization of untrusted data causing Remote code execution vulnerability.","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@solarwinds.com","DATE_PUBLIC":"2021-09-02T13:14:00.000Z","ID":"CVE-2021-35217","STATE":"PUBLIC","TITLE":"Insecure Deserialization of untrusted data causing Remote code execution vulnerability."},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Orion Platform","version":{"version_data":[{"version_affected":"<","version_name":"2020.2.5 and previous versions","version_value":"2020.2.6"}]}}]},"vendor_name":"SolarWinds"}]}},"credit":[{"lang":"eng","value":"Jangggggg working with Trend Micro Zero Day Initiative"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An insecure deserialization of untrusted data vulnerability, leading to remote code execution, was discovered in the Patch Manager Orion Platform Integration module and reported to us by ZDI. 
An authenticated attacker could exploit it through WSAsyncExecuteTasks deserialization of untrusted data."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":8.9,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Insecure Deserialization of untrusted data causing Remote code execution vulnerability."}]}]},"references":{"reference_data":[{"name":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm","refsource":"MISC","url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"},{"name":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm","refsource":"MISC","url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"},{"name":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217","refsource":"MISC","url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"},{"name":"https://www.zerodayinitiative.com/advisories/ZDI-21-1247/","refsource":"MISC","url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"}]},"solution":[{"lang":"en","value":"SolarWinds recommends upgrading to both the latest version of Patch Manager and Orion Integration Module as soon as it becomes available."}],"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T00:33:51.218Z"},"title":"CVE Program 
Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-1247/"}]}]},"cveMetadata":{"assignerOrgId":"49f11609-934d-4621-84e6-e02e032104d6","assignerShortName":"SolarWinds","cveId":"CVE-2021-35217","datePublished":"2021-09-08T13:15:03.615Z","dateReserved":"2021-06-22T00:00:00.000Z","dateUpdated":"2024-09-16T20:58:13.615Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}