Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-35215
PUBLISHED
More InfoOfficial Page
Assigner-SolarWinds
Assigner Org ID-49f11609-934d-4621-84e6-e02e032104d6
View Known Exploited Vulnerability (KEV) details
Published At-01 Sep, 2021 | 14:21
Updated At-16 Sep, 2024 | 19:52
Rejected At-
▼CVE Numbering Authority (CNA)
ActionPluginBaseView Deserialization of Untrusted Data RCE

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

Affected Products
Vendor
SolarWinds Worldwide, LLC.SolarWinds
Product
Orion Platform
Platforms
  • Windows
Versions
Affected
  • From 2020.2.5 and previous versions before 2020.2.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.18.9HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Version: 3.1
Base score: 8.9
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Customers are advised to update to Orion Platform 2020.2.6 once it becomes available,

Configurations
Workarounds
Exploits
Credits
Jangggggg working with Trend Micro Zero Day Initiative
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
x_refsource_MISC
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
x_refsource_MISC
https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1245/
x_refsource_MISC
Hyperlink: https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Resource:
x_refsource_MISC
Hyperlink: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
Resource:
x_refsource_MISC
Hyperlink: https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
Resource:
x_refsource_MISC
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-1245/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
x_refsource_MISC
x_transferred
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
x_refsource_MISC
x_transferred
https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
x_refsource_MISC
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-21-1245/
x_refsource_MISC
x_transferred
Hyperlink: https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35215
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://documentation.solarwinds.co/enm/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-1245/
Resource:
x_refsource_MISC
x_transferred
Details not found