Vulnerabilities (CVE)

Filtered by CWE-613
Total 144 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35214 1 Solarwinds 1 Pingdom 2021-10-18 1.9 LOW 4.7 MEDIUM
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021.
CVE-2021-20473 1 Ibm 1 Sterling File Gateway 2021-10-16 4.0 MEDIUM 6.5 MEDIUM
IBM Sterling File Gateway User Interface through does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944.
CVE-2021-24019 1 Fortinet 1 Forticlient Endpoint Management Server 2021-10-14 7.5 HIGH 9.8 CRITICAL
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
CVE-2021-41100 1 Wire 1 Wire-server 2021-10-12 7.5 HIGH 9.8 CRITICAL
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used.
CVE-2021-37333 1 Bookingcore 1 Booking Core 2021-10-12 7.5 HIGH 9.8 CRITICAL
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at does not invalidate a session that is opened in a different browser.
CVE-2021-38823 1 Icehrm 1 Icehrm 2021-10-12 7.5 HIGH 9.8 CRITICAL
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.
CVE-2021-34428 3 Debian, Eclipse, Netapp 8 Debian Linux, Jetty, Active Iq Unified Manager and 5 more 2021-10-01 3.6 LOW 3.5 LOW
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
CVE-2021-33982 1 Myfwc 1 Fish \| Hunt Fl 2021-09-15 5.0 MEDIUM 7.5 HIGH
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
CVE-2020-29012 1 Fortinet 1 Fortisandbox 2021-09-14 5.0 MEDIUM 5.3 MEDIUM
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
CVE-2018-10990 1 Commscope 2 Arris Tg1682g, Arris Tg1682g Firmware 2021-09-13 7.5 HIGH 8.0 HIGH
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.
CVE-2021-39113 1 Atlassian 2 Data Center, Jira 2021-09-02 5.0 MEDIUM 7.5 HIGH
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0.
CVE-2021-35342 1 2 Mender, Useradm 2021-09-01 4.3 MEDIUM 7.5 HIGH
The useradm service 1.14.0 (in Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
CVE-2021-37693 1 Discourse 1 Discourse 2021-08-30 5.0 MEDIUM 7.5 HIGH
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including reseting a password.
CVE-2015-5171 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2021-08-25 7.5 HIGH 9.8 CRITICAL
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
CVE-2021-37156 1 Redmine 1 Redmine 2021-08-12 5.0 MEDIUM 7.5 HIGH
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
CVE-2020-3188 1 Cisco 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more 2021-08-12 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only.
CVE-2021-33322 1 Liferay 2 Dxp, Liferay Portal 2021-08-11 5.0 MEDIUM 7.5 HIGH
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token.
CVE-2021-20431 3 Ibm, Linux, Microsoft 3 I2 Analysts Notebook, Linux Kernel, Windows 2021-08-04 4.3 MEDIUM 6.5 MEDIUM
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.
CVE-2019-11168 1 Intel 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more 2021-07-21 6.4 MEDIUM 9.1 CRITICAL
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
CVE-2020-24387 2 Fedoraproject, Yubico 2 Fedora, Yubihsm-shell 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.