{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Engineer's Toolset", "vendor": "SolarWinds", "versions": [ { "status": "affected", "version": "2022.3 and previous versions" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Justo Socarras" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users." } ], "value": "The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users." } ], "impacts": [ { "capecId": "CAPEC-94", "descriptions": [ { "lang": "en", "value": "CAPEC-94 Man in the Middle Attack" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-319", "description": "CWE-319 Inappropriate Encoding for Output Context", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-10-23T12:45:14.632Z" }, "references": [ { "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246" }, { "name": "https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm", "url": "https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm" }, { "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "SolarWinds recommends to upgrade to the latest available version of Engineer's Toolset. 
" } ], "value": "SolarWinds recommends to upgrade to the latest available version of Engineer's Toolset. \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Unprotected Transport of Credentials (HSTS) Vulnerability", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:51.305Z" }, "title": "CVE Program Container", "references": [ { "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246", "tags": [ "x_transferred" ] }, { "name": "https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm", "url": "https://documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm", "tags": [ "x_transferred" ] }, { "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246", "tags": [ "x_transferred" ] } ] }, { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2025-04-25T18:18:35.891700Z", "id": "CVE-2021-35246", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T18:18:44.414Z" } } ] }, "cveMetadata": { "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "cveId": "CVE-2021-35246", "serial": 1, "state": "PUBLISHED", "dateUpdated": "2025-04-25T18:18:44.414Z", "dateReserved": "2021-06-22T00:00:00.000Z", "datePublished": "2022-11-23T16:48:18.061Z", "assignerShortName": "SolarWinds" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }