Vulnerabilities > Insufficient Session Expiration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-23 | CVE-2024-35160 | Insufficient Session Expiration vulnerability in IBM BIG SQL and Watson Query With Cloud PAK for Data IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. | 6.5 |
2024-11-12 | CVE-2024-46892 | Insufficient Session Expiration vulnerability in Siemens Sinec INS 1.0 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). | 8.1 |
2024-10-22 | CVE-2024-48926 | Insufficient Session Expiration vulnerability in Umbraco CMS Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. | 3.1 |
2024-09-27 | CVE-2024-23586 | Insufficient Session Expiration vulnerability in Hcltech HCL Nomad HCL Nomad is susceptible to an insufficient session expiration vulnerability. | 7.5 |
2024-09-18 | CVE-2024-8888 | Insufficient Session Expiration vulnerability in Circutor Q-Smt Firmware 1.0.4 An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. | 7.5 |
2024-09-16 | CVE-2024-38315 | Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14 IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2024-08-14 | CVE-2024-39809 | Insufficient Session Expiration vulnerability in F5 Big-Ip Next Central Manager 20.1.0 The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 |
2024-08-13 | CVE-2022-45862 | Insufficient Session Expiration vulnerability in Fortinet products An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials. | 8.8 |
2024-08-13 | CVE-2022-38382 | Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. | 4.1 |
2024-07-22 | CVE-2024-41827 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration | 9.8 |