Pingdom Session Management Vulnerability (CVE-2021-35214)

Security Advisory Summary

The vulnerability is a failure to invalidate user sessions when a password or email address is changed. It was observed with multiple active sessions running in separate browser windows: a password or email address could be changed without terminating the user session.
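
The flawed pattern and one common mitigation, as an added example that is not Pingdom's code and not part of the original advisory. The advisory does not say how the fix was implemented; revoking all of the user's sessions and reissuing one token to the caller is an assumption, as are all names (`SessionStore`, `update_hardened`, the sample users).

```python
import secrets

SENSITIVE_FIELDS = {"password_hash", "email"}  # changes that must revoke sessions


class SessionStore:
    """Minimal in-memory model of server-side sessions (constructed for illustration)."""

    def __init__(self):
        self.sessions = {}  # token -> user id
        self.profiles = {}  # user id -> {"password_hash": ..., "email": ...}

    def open_session(self, user_id):
        # Credential verification is assumed to have happened before this call.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_id
        return token

    def is_valid(self, token):
        return token in self.sessions

    def update_vulnerable(self, token, field, value):
        # Flawed pattern: the field is updated, every existing session lives on.
        self.profiles.setdefault(self.sessions[token], {})[field] = value
        return token

    def update_hardened(self, token, field, value):
        user_id = self.sessions[token]
        self.profiles.setdefault(user_id, {})[field] = value
        if field not in SENSITIVE_FIELDS:
            return token
        # Revoke every session of this user, the caller's included, then
        # hand the caller a fresh token so only that window stays signed in.
        for stale in [t for t, u in self.sessions.items() if u == user_id]:
            del self.sessions[stale]
        return self.open_session(user_id)


def two_window_scenario(hardened):
    """Two browser windows on one account; window A changes the password."""
    store = SessionStore()
    window_a = store.open_session("alice")
    window_b = store.open_session("alice")
    other_user = store.open_session("bob")
    update = store.update_hardened if hardened else store.update_vulnerable
    new_a = update(window_a, "password_hash", "constructed-hash-value")
    tokens = {"a_new": new_a, "a_old": window_a, "b": window_b, "other_user": other_user}
    return {name: store.is_valid(tok) for name, tok in tokens.items()}
```

Calling `two_window_scenario(False)` leaves window B's session valid after the password change; `two_window_scenario(True)` invalidates it and the caller's old token while leaving the other user's session untouched.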

Affected Products

  • Pingdom

Fixed Software Release

  • Pingdom, as of September 13, 2021

Acknowledgments

  • Taseer Hussain

Advisory Details

  • Severity: Medium
  • Advisory ID:
  • First Published: 09/13/2021
  • Fixed Version: Pingdom
  • CVSS Score: