Vulnerabilities > Insufficient Session Expiration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-20 | CVE-2021-25970 | Insufficient Session Expiration vulnerability in Tuzitio Camaleon CMS: Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. | 8.8 |
2021-10-12 | CVE-2021-35214 | Insufficient Session Expiration vulnerability in Solarwinds Pingdom: The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. | 4.7 |
2021-10-10 | CVE-2021-25966 | Insufficient Session Expiration vulnerability in Orchardcore Orchard Core 1.0.0: In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. | 8.8 |
2021-10-07 | CVE-2021-20473 | Insufficient Session Expiration vulnerability in IBM Sterling File Gateway: IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2021-10-06 | CVE-2021-24019 | Insufficient Session Expiration vulnerability in Fortinet Forticlient Endpoint Management Server: An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks). | 9.8 |
2021-10-04 | CVE-2021-41100 | Insufficient Session Expiration vulnerability in Wire Wire-Server: Wire-server is the backing server for the open source wire secure messaging application. | 9.8 |
2021-10-04 | CVE-2021-37333 | Insufficient Session Expiration vulnerability in Bookingcore Booking Core 2.0: Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. | 9.8 |
2021-10-04 | CVE-2021-38823 | Insufficient Session Expiration vulnerability in Icehrm 30.0.0.Os: The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. | 9.8 |
2021-09-08 | CVE-2021-33982 | Insufficient Session Expiration vulnerability in Myfwc Fish \| Hunt FL: An insufficient session expiration vulnerability exists in the "Fish \| Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | 7.5 |
2021-09-08 | CVE-2020-29012 | Insufficient Session Expiration vulnerability in Fortinet Fortisandbox: An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks). | 5.3 |