CVE-2021-35226

Published: Oct 10, 2022Modified: Feb 24, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Affected (1)

Products: Solarwinds: Network Configuration Manager

Solarwinds

1 product

Network Configuration Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Network Configuration Manager	Up to 2020.2.5

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226

Source: psirt@solarwinds.com

PatchVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.