Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-47406 Insufficient Session Expiration vulnerability in Change Password for Frontend Users Project Change Password for Frontend Users
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3.
network
low complexity
change-password-for-frontend-users-project CWE-613
critical
9.8
2022-12-14 CVE-2022-23502 Insufficient Session Expiration vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-613
5.4
2022-11-22 CVE-2022-40228 Insufficient Session Expiration vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.4
2022-11-22 CVE-2022-36179 Insufficient Session Expiration vulnerability in Fusiondirectory 1.3
Fusiondirectory 1.3 suffers from Improper Session Handling.
network
low complexity
fusiondirectory CWE-613
critical
9.8
2022-11-20 CVE-2022-4070 Insufficient Session Expiration vulnerability in Librenms
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
network
low complexity
librenms CWE-613
critical
9.8
2022-11-14 CVE-2022-3362 Insufficient Session Expiration vulnerability in Ikus-Soft Rdiffweb
Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
network
low complexity
ikus-soft CWE-613
critical
9.8
2022-11-10 CVE-2022-3867 Insufficient Session Expiration vulnerability in Hashicorp Nomad 1.4.0/1.4.1
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected.
network
low complexity
hashicorp CWE-613
4.3
2022-11-03 CVE-2022-40230 Insufficient Session Expiration vulnerability in IBM MQ Appliance 9.2.0.0/9.3.0.0
IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2022-11-03 CVE-2022-39234 Insufficient Session Expiration vulnerability in Glpi-Project Glpi
GLPI stands for Gestionnaire Libre de Parc Informatique.
network
low complexity
glpi-project CWE-613
8.8
2022-10-27 CVE-2022-2782 Insufficient Session Expiration vulnerability in Octopus Server
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
network
low complexity
octopus CWE-613
critical
9.1