Vulnerabilities > CVE-2021-35214 - Insufficient Session Expiration vulnerability in Solarwinds Pingdom

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

solarwinds

CWE-613

NVD

Published: 2021-10-12

Updated: 2021-10-18

Summary

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.

Vulnerable Configurations

Part	Description	Count
Application	Solarwinds Solarwinds Pingdom *	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35214