Page 2 of 7 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. Una entidad del producto Network Configuration Manager está configurada inapropiadamente y expone el campo de la contraseña al Servicio de Información de Solarwinds (SWIS). Las credenciales expuestas están cifradas y requieren un acceso autenticado con un rol de NCM • https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35226 • CWE-326: Inadequate Encryption Strength •

CVSS: 7.5EPSS: 59%CPEs: 3EXPL: 0

Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. Desbordamiento de buffer basado en memoria dinámica en SolarWinds Network Configuration Manager (NCM) anterior a 7.3 permite a atacantes remotos ejecutar código arbitrario a través de la propiedad PEstrarg1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Network Configuration Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PEstrarg1 property. The issue lies in a failure to validate the size of the input buffer before copying it into a fixed-size buffer on the heap. • http://zerodayinitiative.com/advisories/ZDI-14-133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •