CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SolarWindsCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
solarwindsnetwork_configuration_manager
𝑥
≤ 2020.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226