CVE-2021-35246

Summary

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.

Affected Software

VendorProductVersion RangeStatus
SolarWindsEngineer’s Toolset2022.3 and previous versionsaffected

Weaknesses

  • CWE-319: CWE-319 Inappropriate Encoding for Output Context

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References