ActionPluginBaseView Deserialization of Untrusted Data RCE Vulnerability 

(CVE-2021-35215)

Download PDF

Security Advisory Summary

Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

Affected Products

  • Orion Platform 2020.2.5 and earlier

Fixed Software Release

Acknowledgments

  • Jangggggg working with Trend Micro Zero Day Initiative

Advisory Details

Severity

8.9 High

Advisory ID

CVE-2021-35215

First Published

07/15/2021

Fixed Version

Orion Platform 2020.2.6

CVSS Score

3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L