VYPR

Orion Patch Manager

by SolarWinds

CVEs (3)

  • CVE-2021-35216Sep 1, 2021
    risk 0.06cvss epss 0.81

    Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.

  • CVE-2021-35218Sep 1, 2021
    risk 0.01cvss epss 0.76

    Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

  • CVE-2021-27240Mar 29, 2021
    risk 0.00cvss epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific…