Vulnerability: Misconfigured Entity in Network Configuration Manager Exposes Encrypted Passwords to Solarwinds Information Service

Vulnerability: Misconfigured Entity in Network Configuration Manager Exposes Encrypted Passwords to Solarwinds Information Service

CVE-2021-35226 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Learn more about our Network Penetration Testing.