CVE-2021-35214 MEDIUM

CVE-2021-35214: Session Management Vulnerability

Vendor: SolarWinds
Product: Pingdom
Published: October 12, 2021
Last update: August 4, 2024

CVSS base score

4.8/10
Attack vector: Physical
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

SolarWinds Pingdom fails to invalidate the user session when the account password or email address is changed. With multiple active sessions running in separate browser windows, it was observed that the password or email address could be changed without terminating the user session. This issue was resolved on September 13, 2021.

Key dates

02 Disclosure timeline

October 12, 2021: CVE published
August 4, 2024: Record updated