First published: Wed Nov 23 2022
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
Credit: psirt@solarwinds.com
Affected Software | Affected Version | How to fix |
---|---|---|
Solarwinds Engineer's Toolset | =2020.2.6-hotfix_4 |
SolarWinds recommends upgrading to the latest available version of Engineer's Toolset.
CVE-2021-35246 is a vulnerability in the SolarWinds Engineer's Toolset application that allows attackers to bypass SSL/TLS encryption and launch attacks against users.
CVE-2021-35246 allows users to connect to the application over unencrypted connections. An attacker able to modify a user's network traffic can exploit this to bypass the application's SSL/TLS encryption and launch attacks against its users.
CVE-2021-35246 has a severity rating of medium with a CVSS score of 5.3.
To fix CVE-2021-35246, update to the latest version of SolarWinds Engineer's Toolset that includes a patch for the vulnerability.
More information about CVE-2021-35246 can be found in the MITRE CVE database, SolarWinds documentation, and SolarWinds security advisories.