{ "CVE_data_meta": { "ASSIGNER": "psirt@solarwinds.com", "ID": "CVE-2021-35216", "STATE": "PUBLIC", "TITLE": "Deserialization of Untrusted Data in Resource Controls Remote Code Execution " }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Patch Manager ", "version": { "version_data": [ { "platform": "Windows ", "version_affected": "<", "version_name": "2020.2.5 and previous versions.", "version_value": "2020.2.6" } ] } } ] }, "vendor_name": "SolarWinds " } ] } }, "credit": [ { "lang": "eng", "value": "Jangggggg working with Trend Micro Zero Day Initiative " } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An insecure deserialization of untrusted data vulnerability that can lead to remote code execution was discovered in the Patch Manager Orion Platform Integration module. An authenticated attacker with network access via HTTP can exploit this vulnerability, which can result in remote code execution." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm", "name": "https://documentation.solarwinds.com/en/success_center/patchman/content/release_notes/patchman_2020-2-6_release_notes.htm" }, { "refsource": "MISC", "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216", "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35216" }, { "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1246/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1246/" } ] }, "solution": [ { "lang": "eng", "value": "SolarWinds recommends upgrading both Patch Manager and the Orion Integration Module to their latest versions as soon as they become available." } ], "source": { "defect": [ "CVE-2021-35216" ], "discovery": "UNKNOWN" } }