Jangggggg

**Name of the Vulnerable Software and Affected Versions** SolarWinds Patch Manager (affected versions not specified) **Description** The issue is related to the deserialization of untrusted data in the Web Console Chart Endpoint, which can lead to remote code execution. An unauthorized attacker with network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server. The vulnerability is associated with the recovery of untrusted data in the Chart component of the SolarWinds Patch Manager software, allowing a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Orion Platform version 2020.2.5 **Description** Insecure deserialization in the Orion Platform leads to Remote Code Execution. This issue is related to the deserialization of untrusted data in the ActionPluginBaseView component, allowing a remote attacker to execute arbitrary code. Authentication is required to exploit this vulnerability. **Recommendations** For SolarWinds Orion Platform version 2020.2.5, consider disabling the deserialization functionality in the ActionPluginBaseView component as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.