
CVE-2021-35214 Session Management Vulnerability

2021-10-12 15:18:07
SolarWinds
www.cve.org
Tags: cve-2021-35214, solarwinds, pingdom, session management

CVSS3: 4.8

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

AI Score: 5.5
Confidence: High

EPSS: 0
Percentile: 12.6%

The vulnerability in SolarWinds Pingdom is a failure to invalidate the user session upon a password or email address change. With multiple active sessions running in separate browser windows, it was observed that the password or email address could be changed without terminating the user session. This issue was resolved on September 13, 2021.

CNA Affected

[
  {
    "product": "Pingdom",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "13.09.2021",
        "status": "affected",
        "version": "prior to 13.09.2021",
        "versionType": "custom"
      }
    ]
  }
]
