Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-35226
PUBLISHED
More InfoOfficial Page
Assigner-SolarWinds
Assigner Org ID-49f11609-934d-4621-84e6-e02e032104d6
View Known Exploited Vulnerability (KEV) details
Published At-10 Oct, 2022 | 00:00
Updated At-04 Aug, 2024 | 00:33
Rejected At-
▼CVE Numbering Authority (CNA)
Hashed Credential Exposure Vulnerability

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Affected Products
Vendor
SolarWinds Worldwide, LLC.SolarWinds
Product
Network Configuration Manager
Default Status
unaffected
Versions
Affected
  • From 2020.2.5 and previous version before 2020.2.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-326CWE-326 Inadequate Encryption Strength
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

SolarWinds recommends customers upgrade to the latest version once it becomes generally available.

Configurations
Workarounds
Exploits
Credits
finder
SolarWinds would like to thank Preston Deason, Chad Larsen and Zachary Riezenman for reporting on the issue in a responsible manner.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226
N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226
x_transferred
Details not found