CVE-2021-35226

EUVD-2021-21869
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SolarWindsCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
solarwindsnetwork_configuration_manager
𝑥
≤ 2020.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226