CVE-2021-35246

Description

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SolarWinds / Engineer's Toolset2022.3 and previous versions – 2022.3 and previous versions

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246
MISChttps://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm
CONFIRMhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246