Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-33982 Insufficient Session Expiration vulnerability in Myfwc Fish | Hunt FL
An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
network
low complexity
myfwc CWE-613
5.0
2021-09-08 CVE-2020-29012 Insufficient Session Expiration vulnerability in Fortinet Fortisandbox
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
network
low complexity
fortinet CWE-613
5.0
2021-08-30 CVE-2021-39113 Insufficient Session Expiration vulnerability in Atlassian Data Center and Jira
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature.
network
low complexity
atlassian CWE-613
5.0
2021-08-27 CVE-2021-35342 Insufficient Session Expiration vulnerability in Northern.Tech Useradm 1.13.0/1.14.0
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
4.3
2021-08-13 CVE-2021-37693 Insufficient Session Expiration vulnerability in Discourse
Discourse is an open-source platform for community discussion.
network
low complexity
discourse CWE-613
5.0
2021-08-05 CVE-2021-37156 Insufficient Session Expiration vulnerability in Redmine 4.2.0/4.2.1
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
network
low complexity
redmine CWE-613
5.0
2021-08-03 CVE-2021-33322 Insufficient Session Expiration vulnerability in Liferay DXP 7.0
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token.
network
low complexity
liferay CWE-613
5.0
2021-07-26 CVE-2021-20431 Insufficient Session Expiration vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1/9.2.2
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system.
network
ibm CWE-613
4.3
2021-07-07 CVE-2021-20378 Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2021-07-07 CVE-2021-26037 Insufficient Session Expiration vulnerability in Joomla Joomla!
An issue was discovered in Joomla! 2.5.0 through 3.9.27.
network
low complexity
joomla CWE-613
5.0