Authentication flaw

2022-11-2317:15:00

PRIOn knowledge base

www.prio-n.com

authentication

flaw

unencrypted connections

ssl/tls bypass

vulnerability

network traffic

attack platform

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

JSON

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users.

CPENameOperatorVersion
engineer\\'s_toolseteq2020.2.6 hotfix-4

CPE	Name	Operator	Version
	engineer\\'s_toolset	eq	2020.2.6 hotfix-4

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35246

documentation.solarwinds.com/en/success_center/ets/content/release_notes/ets_2022-4_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/CVE-2021-35246