Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2024-12-16 CVE-2024-12667 Insufficient Session Expiration vulnerability in Invoiceplane
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic.
network
high complexity
invoiceplane CWE-613
5.9
2024-11-23 CVE-2024-35160 Insufficient Session Expiration vulnerability in IBM BIG SQL and Watson Query With Cloud PAK for Data
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
network
low complexity
ibm CWE-613
6.5
2024-11-12 CVE-2024-46892 Insufficient Session Expiration vulnerability in Siemens Sinec INS 1.0
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
siemens CWE-613
8.1
2024-10-22 CVE-2024-48926 Insufficient Session Expiration vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15.
network
high complexity
umbraco CWE-613
3.1
2024-09-27 CVE-2024-23586 Insufficient Session Expiration vulnerability in Hcltech HCL Nomad
HCL Nomad is susceptible to an insufficient session expiration vulnerability.
network
low complexity
hcltech CWE-613
7.5
2024-09-18 CVE-2024-8888 Insufficient Session Expiration vulnerability in Circutor Q-Smt Firmware 1.0.4
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions.
network
low complexity
circutor CWE-613
7.5
2024-09-16 CVE-2024-38315 Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2024-08-14 CVE-2024-39809 Insufficient Session Expiration vulnerability in F5 Big-Ip Next Central Manager 20.1.0
The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-613
8.8
2024-08-13 CVE-2022-45862 Insufficient Session Expiration vulnerability in Fortinet products
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials.
network
low complexity
fortinet CWE-613
8.8
2024-08-13 CVE-2022-38382 Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information.
network
low complexity
ibm CWE-613
4.1