cbcvebase.
CVE-2021-35226
published 2022-10-10

CVE-2021-35226: An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials…

PriorityP335medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.45%
35.6th percentile
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Affected

2 ranges
VendorProductVersion rangeFixed in
solarwindsnetwork_configuration_manager<= 2020.2.5
solarwindsnetwork_configuration_manager>= 2020.2.5 and previous version < 2020.2.52020.2.5
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.