Vulnerabilities > CVE-2021-35214 - Insufficient Session Expiration vulnerability in Solarwinds Pingdom

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

high complexity

solarwinds

CWE-613

NVD

Published: 2021-10-12

Updated: 2024-11-21

Summary

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Pingdom *	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35214
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35214