Vulnerabilities > Insufficient Session Expiration

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-17	CVE-2020-13353	Insufficient Session Expiration vulnerability in Gitlab Gitaly When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. local low complexity gitlab CWE-613	3.2
2020-11-16	CVE-2020-27422	Insufficient Session Expiration vulnerability in Anuko Time Tracker In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. network low complexity anuko CWE-613 critical	9.8
2020-11-09	CVE-2020-23140	Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by insufficient session expiration. network low complexity microweber CWE-613	8.1
2020-11-09	CVE-2020-23136	Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber v1.1.18 is affected by no session expiry after log-out. local low complexity microweber CWE-613	5.5
2020-11-05	CVE-2020-15950	Insufficient Session Expiration vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. network low complexity immuta CWE-613	8.8
2020-10-28	CVE-2020-25374	Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15 CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. network high complexity cyberark CWE-613	2.6
2020-10-28	CVE-2020-24713	Insufficient Session Expiration vulnerability in Getgophish Gophish Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. network low complexity getgophish CWE-613	7.5
2020-10-28	CVE-2020-27739	Insufficient Session Expiration vulnerability in Citadel Webcit A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. network low complexity citadel CWE-613 critical	9.8
2020-10-20	CVE-2020-15269	Insufficient Session Expiration vulnerability in Sparksolutions Spree In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. network low complexity sparksolutions CWE-613 critical	9.1
2020-10-15	CVE-2020-6363	Insufficient Session Expiration vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. network low complexity sap CWE-613	4.6