Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2021-11-04 CVE-2021-34739 Insufficient Session Expiration vulnerability in Cisco products
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device.
network
high complexity
cisco CWE-613
8.1
2021-11-03 CVE-2021-40849 Insufficient Session Expiration vulnerability in Mahara
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
network
low complexity
mahara CWE-613
critical
9.8
2021-10-27 CVE-2021-29868 Insufficient Session Expiration vulnerability in IBM I2 Ibase 8.9.13/9.0.0
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration.
local
low complexity
ibm CWE-613
5.5
2021-10-20 CVE-2021-25970 Insufficient Session Expiration vulnerability in Tuzitio Camaleon CMS
Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate users’ active sessions, even after the admin changes the user’s password.
network
low complexity
tuzitio CWE-613
8.8
2021-10-12 CVE-2021-35214 Insufficient Session Expiration vulnerability in Solarwinds Pingdom
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate the user session upon a password or email address change.
local
high complexity
solarwinds CWE-613
4.7
2021-10-10 CVE-2021-25966 Insufficient Session Expiration vulnerability in Orchardcore Orchard Core 1.0.0
In the “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to improper session termination after a password change.
network
low complexity
orchardcore CWE-613
8.8
2021-10-07 CVE-2021-20473 Insufficient Session Expiration vulnerability in IBM Sterling File Gateway
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2021-10-06 CVE-2021-24019 Insufficient Session Expiration vulnerability in Fortinet Forticlient Endpoint Management Server
An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks).
network
low complexity
fortinet CWE-613
critical
9.8
2021-10-04 CVE-2021-41100 Insufficient Session Expiration vulnerability in Wire Wire-Server
Wire-server is the backing server for the open source wire secure messaging application.
network
low complexity
wire CWE-613
critical
9.8
2021-10-04 CVE-2021-37333 Insufficient Session Expiration vulnerability in Bookingcore Booking Core 2.0
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management.
network
low complexity
bookingcore CWE-613
critical
9.8