Total
289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21031 | 1 Magento | 1 Magento | 2023-12-10 | 7.5 HIGH | 5.6 MEDIUM |
| Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation. | |||||
| CVE-2020-23136 | 1 Microweber | 1 Microweber | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Microweber v1.1.18 is affected by no session expiry after log-out. | |||||
| CVE-2020-24713 | 1 Getgophish | 1 Gophish | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. | |||||
| CVE-2019-19199 | 1 Reddoxx | 1 Maildepot | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout. | |||||
| CVE-2016-20007 | 1 Rest\/json Project | 1 Rest\/json | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2020-15218 | 1 Combodo | 1 Itop | 2023-12-10 | 3.5 LOW | 6.8 MEDIUM |
| Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0. | |||||
| CVE-2020-15950 | 1 Immuta | 1 Immuta | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. | |||||
| CVE-2020-6363 | 1 Sap | 1 Commerce Cloud | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
| SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration. | |||||
| CVE-2009-20001 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. | |||||
| CVE-2020-4696 | 1 Ibm | 1 Cloud Pak For Security | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789. | |||||
| CVE-2021-21032 | 1 Magento | 1 Magento | 2023-12-10 | 7.5 HIGH | 5.6 MEDIUM |
| Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation. | |||||
| CVE-2021-3183 | 1 Files | 1 Fat Client | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile. | |||||
| CVE-2020-13353 | 1 Gitlab | 1 Gitaly | 2023-12-10 | 2.1 LOW | 3.2 LOW |
| When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. | |||||
| CVE-2020-35358 | 1 Domainmod | 1 Domainmod | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality. | |||||
| CVE-2019-3867 | 1 Redhat | 1 Quay | 2023-12-10 | 4.4 MEDIUM | 4.1 MEDIUM |
| A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. | |||||
| CVE-2021-3311 | 1 Octobercms | 1 October | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. | |||||
| CVE-2020-25374 | 1 Cyberark | 1 Privileged Session Manager | 2023-12-10 | 2.1 LOW | 2.6 LOW |
| CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | |||||
| CVE-2020-27739 | 1 Citadel | 1 Webcit | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | |||||
| CVE-2020-4995 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912. | |||||
| CVE-2020-4395 | 1 Ibm | 1 Security Access Manager Appliance | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. | |||||