Описание
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.
Уязвимые конфигурации
Конфигурация 1Версия до 13.09.2021 (исключая)
cpe:2.3:a:solarwinds:pingdom:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00248
Низкий
4.8 Medium
CVSS3
4.7 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-613
Связанные уязвимости
github
больше 3 лет назад
The vulnerability can be described as a failure to invalidate user session upon password change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session.
EPSS
Процентиль: 48%
0.00248
Низкий
4.8 Medium
CVSS3
4.7 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-613