Pingdom Session Management Vulnerability (CVE-2021-35214)
Security Advisory Summary
Pingdom failed to invalidate user sessions when an account's password or email address was changed. The issue was observed with multiple active sessions open in separate browser windows: a password or email address could be changed without terminating the user session.
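The behaviour described above, next to one way to prevent it, as an added example that is not Pingdom's code: each session records a per-user credential epoch at login, and a password or email change bumps the epoch so sessions held in other windows fail validation. `SessionStore`, its methods, the `invalidate_on_change` flag and the opaque `pw_hash` values (password hashing is assumed to happen elsewhere) are hypothetical names for illustration.

```python
import hashlib
import secrets


class SessionStore:
    """In-memory sessions bound to a per-user credential epoch (constructed example)."""

    def __init__(self, invalidate_on_change=True):
        self.invalidate_on_change = invalidate_on_change
        self._users = {}     # user_id -> {"email", "pw_hash", "epoch"}
        self._sessions = {}  # sha256(token) -> (user_id, epoch at login)

    @staticmethod
    def _key(token):
        # Keep only a hash server-side so a leaked store does not expose live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def add_user(self, user_id, email, pw_hash):
        self._users[user_id] = {"email": email, "pw_hash": pw_hash, "epoch": 0}

    def login(self, user_id):
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user_id, self._users[user_id]["epoch"])
        return token

    def validate(self, token):
        """Return the user_id for a live session, or None."""
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        user_id, epoch = entry
        if epoch != self._users[user_id]["epoch"]:
            del self._sessions[self._key(token)]  # issued before a credential change
            return None
        return user_id

    def change_credentials(self, token, email=None, pw_hash=None):
        """Update email and/or password hash; return the token the caller keeps using."""
        user_id = self.validate(token)
        if user_id is None:
            raise PermissionError("invalid session")
        user = self._users[user_id]
        user["email"] = email if email is not None else user["email"]
        user["pw_hash"] = pw_hash if pw_hash is not None else user["pw_hash"]
        if not self.invalidate_on_change:
            return token  # behaviour described in the advisory: nothing is revoked
        user["epoch"] += 1  # every session issued before the change now fails validate()
        del self._sessions[self._key(token)]
        return self.login(user_id)  # the changing window gets a fresh session
```

With `invalidate_on_change=False` a second session survives the change; with the default it is rejected on its next request and only the newly issued token remains valid.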
Affected Products
- Pingdom
Fixed Software Release
- Pingdom, as of September 13, 2021
Acknowledgments
- Taseer Hussain
Advisory Details
Severity: 4.8 Medium
Advisory ID:
First Published: 09/13/2021
Fixed Version: Pingdom