Chart Endpoint Deserialization of Untrusted Data RCE Vulnerability

(CVE-2021-35218)

Summary

Chart Endpoint Deserialization of Untrusted Data RCE.

Affected Products

Patch Manager 2020.2.5 and earlier

Fixed Software Release

Patch Manager 2020.2.6

Acknowledgments

Jangggggg via Trend Micro Zero Day Initiative

Advisory Details

Severity

8.9 High

Advisory ID

First Published

07/15/2021

Fixed Version

Patch Manager 2020.2.6

CVSS Score

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:
H/I:H/A:L