CVE-2021-35214
Session Management Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
The vulnerability in SolarWinds Pingdom is a failure to invalidate the user session upon a password or email address change. When running multiple active sessions in separate browser windows, it was observed that a password or email address could be changed without terminating the user session. This issue was resolved on September 13, 2021.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-06-22 CVE Reserved
- 2021-10-12 CVE Published
- 2023-05-05 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-613: Insufficient Session Expiration
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35214 | Broken Link |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Solarwinds | Pingdom | < 13.09.2021 | - | Affected |