Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2022-03-09 CVE-2022-24744 Insufficient Session Expiration vulnerability in Shopware
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework.
network
shopware CWE-613
3.5
2022-03-01 CVE-2021-38986 Insufficient Session Expiration vulnerability in IBM MQ 9.2.0/9.2.0.0/9.2.1.0
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.5
2022-02-25 CVE-2022-24332 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
network
low complexity
jetbrains CWE-613
5.0
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
5.0
2022-02-10 CVE-2021-25992 Insufficient Session Expiration vulnerability in If-Me Ifme
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout.
network
low complexity
if-me CWE-613
7.5
2022-01-28 CVE-2021-22820 Insufficient Session Expiration vulnerability in Schneider-Electric products
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password.
network
low complexity
schneider-electric CWE-613
7.5
2022-01-26 CVE-2021-29846 Insufficient Session Expiration vulnerability in IBM Security Guardium Insights 3.0.0
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
network
low complexity
ibm CWE-613
2.7
2022-01-18 CVE-2021-37866 Insufficient Session Expiration vulnerability in Mattermost Boards
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.
network
low complexity
mattermost CWE-613
5.0
2022-01-13 CVE-2022-22113 Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration.
network
low complexity
daybydaycrm CWE-613
6.5
2022-01-10 CVE-2022-22283 Insufficient Session Expiration vulnerability in Samsung Health 6.16/6.17/6.19.1.0001
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App.
local
low complexity
samsung CWE-613
2.1