cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-35218,https://securityvulnerability.io/vulnerability/CVE-2021-35218,Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability,Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server,Solarwinds,Patch Manager,8.9,HIGH,0.10769999772310257,false,,false,false,false,,,false,false,,2021-09-01T14:24:13.000Z,0
CVE-2021-35216,https://securityvulnerability.io/vulnerability/CVE-2021-35216,"Deserialization of Untrusted Data in Resource Controls Remote Code Execution ",Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.,Solarwinds,Patch Manager,8.9,HIGH,0.119159996509552,false,,false,false,false,,,false,false,,2021-09-01T14:23:01.000Z,0
CVE-2021-27240,https://securityvulnerability.io/vulnerability/CVE-2021-27240,Local Privilege Escalation Vulnerability in SolarWinds Patch Manager,"The identified vulnerability exists in SolarWinds Patch Manager 2020.2.1, allowing local attackers to escalate privileges by exploiting a flaw in the DataGridService WCF service. The vulnerability arises from insufficient validation of user-supplied data, which can lead to deserialization of untrusted data. An attacker who has already executed low-privileged code on the target system could use this weakness to gain Administrator-level privileges and execute arbitrary code.",Solarwinds,Patch Manager,7.8,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-03-29T21:05:30.000Z,0
CVE-2020-12608,https://securityvulnerability.io/vulnerability/CVE-2020-12608,,An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.,Solarwinds,Managed Service Provider Patch Management Engine,7.8,HIGH,0.0040699997916817665,false,,false,false,false,,,false,false,,2020-05-07T16:29:23.000Z,0