Main Vulnerability Database Vulnerabilities #VU57855

Information disclosure in Pingdom - CVE-2021-35214

Published: November 2, 2021

Vulnerability identifier: #VU57855

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-35214

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: SolarWinds

Affected software:
Pingdom

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected application fails to invalidate user session upon password or email address change. An attacker with physical access can change a password or email address without terminating the user session during multiple active browser sessions.

How to mitigate CVE-2021-35214

Install updates from vendor's website released on 13th September, 2021.

Sources

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35214

Information disclosure in Pingdom - CVE-2021-35214

Detailed vulnerability description

How to mitigate CVE-2021-35214

Sources

Please verify you're human