Lucene search
SolarWindsCVE-2021-35226HistoryOct 10, 2022 - 11:15 p.m.
CVE-2021-35226
2022-10-1023:15:14
CWE-326
SolarWinds
web.nvd.nist.gov
29
6
cve-2021-35226
network configuration manager
security misconfiguration
password exposure
swis
ncm role
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
28.4%
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
Affected configurations
Node
solarwindsnetwork_configuration_managerRange≤2020.2.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | network_configuration_manager | * | cpe:2.3:a:solarwinds:network_configuration_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Network Configuration Manager",
"vendor": "SolarWinds",
"versions": [
{
"lessThan": "2020.2.5",
"status": "affected",
"version": "2020.2.5 and previous version",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2021-35226 Hashed Credential Exposure Vulnerability
2022-10-10 00:00:00
prion
prion
Design/Logic Flaw
2022-10-10 23:15:00
nvd
nvd
CVE-2021-35226
2022-10-10 23:15:14
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
28.4%
Related for CVE-2021-35226