Vulnerability Description
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Engineer's Toolset | 2020.2.6 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246 (Third Party Advisory)
- https://documentation.solarwinds.com/en/success_center/ets/content/release_notes (Release Notes, Vendor Advisory)
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246 (Patch, Vendor Advisory)
FAQ
What is CVE-2021-35246?
CVE-2021-35246 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS ...
How severe is CVE-2021-35246?
CVE-2021-35246 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-35246?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Engineer's Toolset.