An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
References
Link | Resource |
---|---|
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226 | Patch Vendor Advisory |
Configurations
History
03 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. |
11 Oct 2022, 18:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:solarwinds:network_configuration_manager:*:*:*:*:*:*:*:* | |
CWE | CWE-326 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Solarwinds network Configuration Manager
Solarwinds |
10 Oct 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-10 23:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-35226
Mitre link : CVE-2021-35226
CVE.ORG link : CVE-2021-35226
JSON object : View
Products Affected
solarwinds
- network_configuration_manager
CWE
CWE-326
Inadequate Encryption Strength