PT-2022-5000 · SolarWinds · Network Configuration Manager

Published 2022-10-10 · Updated 2023-08-03 · CVE-2021-35226

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Network Configuration Manager (affected versions not specified)

Description

The issue is related to a misconfigured entity in the Network Configuration Manager product, which exposes a password field to the SolarWinds Information Service (SWIS). The exposed credentials are encrypted and can only be accessed with authenticated access and an NCM role. This could potentially allow a remote attacker to disclose user credentials through command injection.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

BDU:2022-06212
CVE-2021-35226

Affected Products

Network Configuration Manager