Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2021-02-19 CVE-2021-27351 Insufficient Session Expiration vulnerability in Telegram
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
network
low complexity
telegram CWE-613
5.3
5.3
2021-02-09 CVE-2021-26921 Insufficient Session Expiration vulnerability in Argoproj Argo CD
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
network
low complexity
argoproj CWE-613
6.5
6.5
2021-02-09 CVE-2020-4995 Insufficient Session Expiration vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session.
network
low complexity
ibm CWE-613
5.3
5.3
2021-02-08 CVE-2020-6649 Insufficient Session Expiration vulnerability in Fortinet Fortiisolator
An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
network
low complexity
fortinet CWE-613
critical
 9.8
9.8
2021-02-05 CVE-2021-3311 Insufficient Session Expiration vulnerability in Octobercms October
An issue was discovered in October through build 471.
network
low complexity
octobercms CWE-613
critical
 9.8
9.8
2021-02-04 CVE-2020-14247 Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
network
low complexity
hcltechsw CWE-613
6.5
6.5
2021-01-19 CVE-2021-3183 Insufficient Session Expiration vulnerability in Files FAT Client 3.3.6
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.
network
low complexity
files CWE-613
7.5
7.5
2021-01-01 CVE-2016-20007 Insufficient Session Expiration vulnerability in Rest/Json Project Rest/Json
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033.
network
low complexity
rest-json-project CWE-613
7.5
7.5
2020-12-10 CVE-2020-29667 Insufficient Session Expiration vulnerability in Lanatmservice M3 ATM Monitoring System 6.1.0
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
network
low complexity
lanatmservice CWE-613
critical
 9.8
9.8
2020-11-30 CVE-2020-4696 Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security 1.3.0.1
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session.
network
low complexity
ibm CWE-613
4.3
4.3