CVE-2021-35214

Summary

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.

Affected Software

VendorProductVersion RangeStatus
SolarWindsPingdomprior to 13.09.2021 < 13.09.2021affected

Weaknesses

  • Session Management Vulnerability in Pingdom

ADP Enrichment

CVE Program Container

Additional References

References