Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2020-05-06 CVE-2020-3188 Insufficient Session Expiration vulnerability in Cisco products
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition.
network
low complexity
cisco CWE-613
5.3
2020-04-28 CVE-2020-9482 Insufficient Session Expiration vulnerability in Apache Nifi Registry 0.1.0/0.5.0
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side.
network
low complexity
apache CWE-613
6.5
2020-04-28 CVE-2016-11058 Insufficient Session Expiration vulnerability in Netgear Genie
The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.
network
low complexity
netgear CWE-613
7.5
2020-04-22 CVE-2020-8867 Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30.
network
low complexity
opcfoundation CWE-613
7.5
2020-04-22 CVE-2020-11795 Insufficient Session Expiration vulnerability in Jetbrains Space
In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.
network
low complexity
jetbrains CWE-613
7.5
2020-04-22 CVE-2020-11688 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
network
low complexity
jetbrains CWE-613
7.5
2020-04-17 CVE-2019-12001 Insufficient Session Expiration vulnerability in HPE products
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
network
high complexity
hpe CWE-613
6.4
2020-04-08 CVE-2020-4284 Insufficient Session Expiration vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI.
network
low complexity
ibm CWE-613
5.3
2020-03-24 CVE-2020-4253 Insufficient Session Expiration vulnerability in IBM Content Navigator 3.0.0
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
8.8
2020-03-10 CVE-2020-6197 Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner.
local
low complexity
sap CWE-613
3.3