Total: 370 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2023-37570 | 1 Esds.co | 1 Emagic Data Center Management | 2024-11-21 | 7.2 High | This vulnerability exists in ESDS Emagic Data Center Management Suite due to non-expiry of the session cookie. By reusing a stolen cookie, a remote attacker could gain unauthorized access to the targeted system.
CVE-2023-37504 | 1 Hcltech | 1 Hcl Compass | 2024-11-21 | 7.1 High | HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
CVE-2023-33303 | 1 Fortinet | 1 Fortiedr | 2024-11-21 | 7.7 High | An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via an API request.
CVE-2023-31065 | 1 Apache | 1 Inlong | 2024-11-21 | 9.1 Critical | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 and https://github.com/apache/inlong/pull/7884 to solve it.
CVE-2023-28001 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4.1 Medium | An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands by reusing the session of a deleted user in the REST API.
CVE-2023-26288 | 1 Ibm | 1 Aspera Orchestrator | 2024-11-21 | 5.5 Medium | IBM Aspera Orchestrator 4.0.1 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.
CVE-2023-24426 | 1 Jenkins | 1 Azure Ad | 2024-11-21 | 8.8 High | Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVE-2023-1854 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2024-11-21 | 4.7 Medium | A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability.
CVE-2023-0227 | 1 Pyload | 1 Pyload | 2024-11-21 | 6.5 Medium | Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.
CVE-2022-4070 | 1 Librenms | 1 Librenms | 2024-11-21 | 9.8 Critical | Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
CVE-2022-47406 | 1 Change Password For Frontend Users Project | 1 Change Password For Frontend Users | 2024-11-21 | 5.4 Medium | An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
CVE-2022-43844 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2024-11-21 | 8.8 High | IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081.
CVE-2022-41672 | 1 Apache | 1 Airflow | 2024-11-21 | 8.1 High | In Apache Airflow, prior to version 2.4.1, deactivating a user would not prevent an already authenticated user from continuing to use the UI or API.
CVE-2022-41542 | 1 Devhubapp | 1 Devhub | 2024-11-21 | 5.4 Medium | devhub 0.102.0 was discovered to contain broken session control.
CVE-2022-41291 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 6.5 Medium | IBM InfoSphere Information Server 11.7 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.
CVE-2022-40230 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 6.5 Medium | IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532.
CVE-2022-40228 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 3.7 Low | IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.
CVE-2022-3916 | 1 Redhat | 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more | 2024-11-21 | 6.8 Medium | A flaw was found in the offline_access scope in Keycloak. This issue affects users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation and the reuse of session IDs across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
CVE-2022-3867 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 2.7 Low | In HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1, event stream subscribers using a token with a TTL continue to receive updates until the token is garbage collected. Fixed in 1.4.2.
CVE-2022-3362 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 9.8 Critical | Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.