First published: Mon Oct 10 2022(Updated: )
An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.
Credit: psirt@solarwinds.com psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Network Configuration Manager | <=2020.2.5 |
SolarWinds recommends customers upgrade to the latest version once it becomes generally available.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-35226.
The title of this vulnerability is 'An entity in Network Configuration Manager product is misconfigured and exposing password field to SWIS'.
The severity of CVE-2021-35226 is medium (6.5).
The Solarwinds Network Configuration Manager (version 2020.2.5) is affected by CVE-2021-35226.
To fix CVE-2021-35226, ensure that the entity in Network Configuration Manager product is properly configured and not exposing the password field to SWIS.