Total: 348 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-4284 | 1 Ibm | 1 Security Information Queue | 2024-09-16 | 5.3 Medium |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176207. | ||||
CVE-2020-4253 | 1 Ibm | 1 Content Navigator | 2024-09-16 | 8.8 High |
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559. | ||||
CVE-2021-25992 | 1 If-me | 1 Ifme | 2024-09-16 | 9.8 Critical |
In Ifme, versions 1.0.0 to 7.33.2 do not properly invalidate a user's session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks. | ||||
CVE-2021-29846 | 1 Ibm | 1 Security Guardium Insights | 2024-09-16 | 2.7 Low |
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. | ||||
CVE-2020-4696 | 1 Ibm | 1 Cloud Pak For Security | 2024-09-16 | 4.3 Medium |
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789. | ||||
CVE-2022-35728 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-09-16 | 8.1 High |
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2021-36330 | 1 Dell | 1 Emc Streaming Data Platform | 2024-09-16 | 8.1 High |
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | ||||
CVE-2016-0234 | 1 Ibm | 1 Openpages Grc Platform | 2024-09-16 | N/A |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. | ||||
CVE-2021-20473 | 1 Ibm | 1 Sterling File Gateway | 2024-09-16 | 6.5 Medium |
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. | ||||
CVE-2021-20581 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-09-13 | 5.3 Medium |
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324. | ||||
CVE-2023-45659 | 1 Engelsystem | 1 Engelsystem | 2024-09-13 | 3.6 Low |
Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker gained access to a user's account, i.e., logged in and obtained a session, the attacker's session is not terminated if the user's account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability. | ||||
CVE-2024-29070 | 1 Apache Software Foundation | 1 Apache Streampark | 2024-09-13 | 9.1 Critical |
On versions before 2.1.4, the session is not invalidated after logout. When the user logs in successfully, the backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users should upgrade to 2.1.4. | ||||
CVE-2024-36523 | | | 2024-09-13 | 6.5 Medium |
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts. | ||||
CVE-2023-5889 | 1 Pkp | 1 Pkp Web Application Library | 2024-09-12 | 8.2 High |
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
CVE-2023-37504 | 1 Hcltech | 1 Hcl Compass | 2024-09-12 | 7.1 High |
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user. | ||||
CVE-2023-39695 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-09-12 | 5.3 Medium |
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. | ||||
CVE-2024-32006 | | | 2024-09-10 | 4.3 Medium |
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication. | ||||
CVE-2023-46158 | 1 Ibm | 1 Websphere Application Server Liberty | 2024-09-10 | 4.9 Medium |
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. | ||||
CVE-2023-51772 | 1 Oneidentity | 1 Password Manager | 2024-09-09 | 8.8 High |
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. | ||||
CVE-2023-5838 | 1 Linkstack | 1 Linkstack | 2024-09-06 | 9.8 Critical |
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. | ||||
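The entries above share one failure: a session identifier or token stays usable after the event that should have ended it, whether that is logout (IBM Content Navigator, Sterling File Gateway, Apache StreamPark, HCL Compass), a password reset (Engelsystem), deletion of the account (Wvp GB28181 Pro), or a period of inactivity (ISIQ, Guardium Insights). As an added illustration that is not part of this listing and not code from any product named in it, the Python below implements a small server-side session store in both forms: a deliberately vulnerable variant whose logout touches only the client and whose validation never expires anything, and a hardened variant that deletes server-side state on logout, ties each session to a password generation so a reset revokes older sessions, refuses sessions of deleted accounts, and enforces idle and absolute timeouts. All names (`SessionStore`, `VulnerableSessionStore`, `replay_stale_sessions`, the user `alice`, the 900-second idle timeout, the fake clock value) are assumptions chosen for the example.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float
    password_generation: int  # the user's password generation when the session was issued


class SessionStore:
    """Server-side session store: the server, not the cookie, decides whether a session is live."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.time):
        self.idle_timeout = idle_timeout          # seconds of inactivity tolerated
        self.absolute_timeout = absolute_timeout  # seconds since login, activity or not
        self.clock = clock                        # injectable so tests need not sleep
        self._sessions = {}  # session id -> Session
        self._users = {}     # user id -> {"password_generation": int, "active": bool}

    def create_user(self, user_id):
        self._users[user_id] = {"password_generation": 0, "active": True}

    def login(self, user_id):
        sid = secrets.token_urlsafe(32)  # 32 random bytes; never derived from user data
        now = self.clock()
        self._sessions[sid] = Session(user_id, now, now, self._users[user_id]["password_generation"])
        return sid

    def validate(self, sid):
        """Return the user id for a live session, or None (dropping the session) if it is stale."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        user = self._users.get(session.user_id)
        now = self.clock()
        stale = (
            user is None or not user["active"]                             # account deleted or disabled
            or session.password_generation != user["password_generation"]  # password reset since issue
            or now - session.last_seen > self.idle_timeout                 # idle too long
            or now - session.created_at > self.absolute_timeout            # lived too long
        )
        if stale:
            self._sessions.pop(sid, None)
            return None
        session.last_seen = now
        return session.user_id

    def logout(self, sid):
        self._sessions.pop(sid, None)  # delete server-side state; expiring the cookie alone is not enough

    def reset_password(self, user_id):
        self._users[user_id]["password_generation"] += 1  # all sessions issued under the old password die

    def delete_user(self, user_id):
        self._users[user_id]["active"] = False


class VulnerableSessionStore(SessionStore):
    """Reproduces the failure pattern in the table: logout is client-side only and nothing ever expires."""

    def logout(self, sid):
        pass  # the browser drops the cookie, the server keeps the session

    def validate(self, sid):
        session = self._sessions.get(sid)
        return session.user_id if session else None


def replay_stale_sessions(store_cls):
    """Replay an old session id after each event; True means the stale session still worked."""
    clock = [1_700_000_000.0]  # mutable fake clock (constructed value) so the idle case needs no sleep
    store = store_cls(idle_timeout=900, clock=lambda: clock[0])
    store.create_user("alice")
    results = {}
    sid = store.login("alice")
    results["live_session"] = store.validate(sid) is not None
    store.logout(sid)
    results["after_logout"] = store.validate(sid) is not None
    sid = store.login("alice")
    store.reset_password("alice")
    results["after_password_reset"] = store.validate(sid) is not None
    sid = store.login("alice")
    clock[0] += 901  # one second past the idle timeout
    results["after_idle_timeout"] = store.validate(sid) is not None
    sid = store.login("alice")
    store.delete_user("alice")
    results["after_account_deletion"] = store.validate(sid) is not None
    return results


if __name__ == "__main__":
    print("vulnerable:", replay_stale_sessions(VulnerableSessionStore))
    print("hardened:  ", replay_stale_sessions(SessionStore))
```

Run against `VulnerableSessionStore`, every entry of the returned dict is True, which is exactly the replay the entries above describe; against `SessionStore`, only `live_session` is True. The password-generation counter is the cheapest way to get "reset revokes every other session" without enumerating a user's sessions, and the same `validate()` path is where a separately issued API token (the F5 iControl REST case above) would also have to be checked against the logout, rather than being left to its own lifetime.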