An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
References
Link | Resource |
---|---|
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226 | Patch Vendor Advisory |
Configurations
History
03 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. |
Information
Published : 2022-10-10 23:15
Updated : 2024-02-28 19:29
NVD link : CVE-2021-35226
Mitre link : CVE-2021-35226
CVE.ORG link : CVE-2021-35226
JSON object : View
Products Affected
solarwinds
- network_configuration_manager
CWE
CWE-326
Inadequate Encryption Strength