Hashed Credential Exposure Vulnerability

(CVE-2021-35226)

Summary

An entity in Network Configuration Manager (NCM) product is misconfigured and exposes password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Affected Products

NCM 2020.2.5 and previous versions

Fixed Software Release

Hybrid Cloud
Observability 2022.3

Acknowledgments

Preston Deason
Chad Larsen
Zachary Riezenman

Advisory Details

Severity

2.7 Low

Advisory ID

CVE-2021-35226

First Published

09/28/2022

Fixed Version

Hybrid Cloud
Observability 2022.3

CVSS Score

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:
U/C:L/I:N/A:N