Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-23136 | Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber v1.1.18 is affected by no session expiry after log-out. | 5.5 |
| 2020-11-05 | CVE-2020-15950 | Insufficient Session Expiration vulnerability in Immuta 2.8.2 Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. | 8.8 |
| 2020-10-28 | CVE-2020-25374 | Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15 CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | 2.6 |
| 2020-10-28 | CVE-2020-24713 | Insufficient Session Expiration vulnerability in Getgophish Gophish Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. | 7.5 |
| 2020-10-28 | CVE-2020-27739 | Insufficient Session Expiration vulnerability in Citadel Webcit A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. | 9.8 |
| 2020-10-20 | CVE-2020-15269 | Insufficient Session Expiration vulnerability in Sparksolutions Spree In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. | 9.1 |
| 2020-10-15 | CVE-2020-6363 | Insufficient Session Expiration vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. | 4.6 |
| 2020-10-14 | CVE-2020-4395 | Insufficient Session Expiration vulnerability in IBM Security Access Manager Appliance 9.0.7 IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 5.4 |
| 2020-10-12 | CVE-2020-4780 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. | 5.3 |
| 2020-10-02 | CVE-2019-19199 | Insufficient Session Expiration vulnerability in Reddoxx Maildepot 2032 REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout. | 7.4 |