Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-04 | CVE-2021-41100 | Insufficient Session Expiration vulnerability in Wire Wire-Server Wire-server is the backing server for the open source wire secure messaging application. | 7.5 |
| 2021-10-04 | CVE-2021-37333 | Insufficient Session Expiration vulnerability in Bookingcore Booking Core 2.0 Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. | 7.5 |
| 2021-10-04 | CVE-2021-38823 | Insufficient Session Expiration vulnerability in Icehrm 30.0.0.Os The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. | 7.5 |
| 2021-09-08 | CVE-2021-33982 | Insufficient Session Expiration vulnerability in Myfwc Fish | Hunt FL An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | 5.0 |
| 2021-09-08 | CVE-2020-29012 | Insufficient Session Expiration vulnerability in Fortinet Fortisandbox An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | 5.0 |
| 2021-08-30 | CVE-2021-39113 | Insufficient Session Expiration vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. | 5.0 |
| 2021-08-27 | CVE-2021-35342 | Insufficient Session Expiration vulnerability in Northern.Tech Useradm 1.13.0/1.14.0 The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). | 4.3 |
| 2021-08-24 | CVE-2021-30943 | Insufficient Session Expiration vulnerability in Apple products An issue in the handling of group membership was resolved with improved logic. | 4.3 |
| 2021-08-13 | CVE-2021-37693 | Insufficient Session Expiration vulnerability in Discourse Discourse is an open-source platform for community discussion. | 5.0 |
| 2021-08-05 | CVE-2021-37156 | Insufficient Session Expiration vulnerability in Redmine 4.2.0/4.2.1 Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. | 5.0 |