Unprotected Transport of Credentials (HSTS) Vulnerability

CVE-2021-35246

5.3MEDIUM

Key Information

Vendor: Solarwinds
Status: Engineer's Toolset
Vendor: CVE Published:; 23 November 2022

Summary

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.

Affected Version(s)

Engineer's Toolset = 2022.3 and previous versions

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 23, 2022
Vulnerability Reserved.
Jun 22, 2021

Collectors

NVD DatabaseMitre Database

Credit

Justo Socarras