Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-08 | CVE-2021-25979 | Insufficient Session Expiration vulnerability in Apostrophecms Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. | 7.5 |
| 2021-11-04 | CVE-2021-41247 | Insufficient Session Expiration vulnerability in Jupyter Jupyterhub JupyterHub is an open source multi-user server for Jupyter notebooks. | 5.0 |
| 2021-11-04 | CVE-2021-34739 | Insufficient Session Expiration vulnerability in Cisco products A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. | 8.1 |
| 2021-11-03 | CVE-2021-40849 | Insufficient Session Expiration vulnerability in Mahara In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges. | 7.5 |
| 2021-10-27 | CVE-2021-29868 | Insufficient Session Expiration vulnerability in IBM I2 Ibase 8.9.13/9.0.0 IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. | 2.1 |
| 2021-10-20 | CVE-2021-25970 | Insufficient Session Expiration vulnerability in Tuzitio Camaleon CMS Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. | 6.8 |
| 2021-10-12 | CVE-2021-35214 | Insufficient Session Expiration vulnerability in Solarwinds Pingdom The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. | 1.9 |
| 2021-10-10 | CVE-2021-25966 | Insufficient Session Expiration vulnerability in Orchardcore Orchard Core 1.0.0 In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. | 6.5 |
| 2021-10-07 | CVE-2021-20473 | Insufficient Session Expiration vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 4.0 |
| 2021-10-06 | CVE-2021-24019 | Insufficient Session Expiration vulnerability in Fortinet Forticlient Endpoint Management Server An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | 7.5 |