Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2020-17474 Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
network
low complexity
zkteco CWE-613
critical
 9.8
9.8
2020-08-14 CVE-2020-17473 Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
network
high complexity
zkteco CWE-613
5.9
5.9
2020-07-20 CVE-2020-1776 Insufficient Session Expiration vulnerability in Otrs
When an agent user is renamed or set to invalid the session belonging to the user is keept active.
network
low complexity
otrs CWE-613
4.3
4.3
2020-07-14 CVE-2020-15074 Insufficient Session Expiration vulnerability in Openvpn Access Server
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
network
low complexity
openvpn CWE-613
7.5
7.5
2020-07-14 CVE-2020-6292 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
network
low complexity
sap CWE-613
8.8
8.8
2020-07-14 CVE-2020-6291 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration
network
low complexity
sap CWE-613
8.8
8.8
2020-06-22 CVE-2020-6644 Insufficient Session Expiration vulnerability in Fortinet Fortideceptor
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
network
high complexity
fortinet CWE-613
8.1
8.1
2020-06-19 CVE-2017-18905 Insufficient Session Expiration vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
network
low complexity
mattermost CWE-613
5.3
5.3
2020-05-11 CVE-2020-1724 Insufficient Session Expiration vulnerability in Redhat Keycloak
A flaw was found in Keycloak in versions before 9.0.2.
network
low complexity
redhat CWE-613
4.3
4.3
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-613
8.8
8.8