CVE-2021-35226

Summary

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Affected Software

VendorProductVersion RangeStatus
SolarWindsNetwork Configuration Manager2020.2.5 and previous version < 2020.2.5affected

Weaknesses

  • CWE-326: CWE-326 Inadequate Encryption Strength

ADP Enrichment

CVE Program Container

Additional References

References