CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
solarwindsnetwork_configuration_manager
𝑥
≤ 2020.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226