Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2021-02-08 CVE-2020-6649 Insufficient Session Expiration vulnerability in Fortinet Fortiisolator
An insufficient session expiration vulnerability in Fortinet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks).
network
low complexity
fortinet CWE-613
critical
9.8
2021-02-05 CVE-2021-3311 Insufficient Session Expiration vulnerability in Octobercms October
An issue was discovered in October through build 471.
network
low complexity
octobercms CWE-613
critical
9.8
2021-02-04 CVE-2020-14247 Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.
network
low complexity
hcltechsw CWE-613
6.5
2021-01-19 CVE-2021-3183 Insufficient Session Expiration vulnerability in Files FAT Client 3.3.6
Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.
network
low complexity
files CWE-613
7.5
2021-01-01 CVE-2016-20007 Insufficient Session Expiration vulnerability in Rest/Json Project Rest/Json
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033.
network
low complexity
rest-json-project CWE-613
7.5
2020-12-10 CVE-2020-29667 Insufficient Session Expiration vulnerability in Lanatmservice M3 ATM Monitoring System 6.1.0
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
network
low complexity
lanatmservice CWE-613
critical
9.8
2020-11-30 CVE-2020-4696 Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security 1.3.0.1
IBM Cloud Pak for Security 1.3.0.1 (CP4S) does not invalidate the session after logout, which could allow an authenticated user to obtain sensitive information from the previous session.
network
low complexity
ibm CWE-613
4.3
2020-11-17 CVE-2020-13353 Insufficient Session Expiration vulnerability in Gitlab Gitaly
When importing repos via URL, one-time-use Git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
local
low complexity
gitlab CWE-613
3.2
2020-11-16 CVE-2020-27422 Insufficient Session Expiration vulnerability in Anuko Time Tracker
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
network
low complexity
anuko CWE-613
critical
9.8
2020-11-09 CVE-2020-23140 Insufficient Session Expiration vulnerability in Microweber 1.1.18
Microweber 1.1.18 is affected by insufficient session expiration.
network
low complexity
microweber CWE-613
8.1