Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2021-40849 | Insufficient Session Expiration vulnerability in Mahara In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges. | 9.8 |
| 2021-10-27 | CVE-2021-29868 | Insufficient Session Expiration vulnerability in IBM I2 Ibase 8.9.13/9.0.0 IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. | 5.5 |
| 2021-10-20 | CVE-2021-25970 | Insufficient Session Expiration vulnerability in Tuzitio Camaleon CMS Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. | 8.8 |
| 2021-10-12 | CVE-2021-35214 | Insufficient Session Expiration vulnerability in Solarwinds Pingdom The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. | 4.7 |
| 2021-10-10 | CVE-2021-25966 | Insufficient Session Expiration vulnerability in Orchardcore Orchard Core 1.0.0 In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. | 8.8 |
| 2021-10-07 | CVE-2021-20473 | Insufficient Session Expiration vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
| 2021-10-06 | CVE-2021-24019 | Insufficient Session Expiration vulnerability in Fortinet Forticlient Endpoint Management Server An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | 9.8 |
| 2021-10-04 | CVE-2021-41100 | Insufficient Session Expiration vulnerability in Wire Wire-Server Wire-server is the backing server for the open source wire secure messaging application. | 9.8 |
| 2021-10-04 | CVE-2021-37333 | Insufficient Session Expiration vulnerability in Bookingcore Booking Core 2.0 Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. | 9.8 |
| 2021-10-04 | CVE-2021-38823 | Insufficient Session Expiration vulnerability in Icehrm 30.0.0.Os The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. | 9.8 |