Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-15074 Insufficient Session Expiration vulnerability in OpenVPN Access Server
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing existing tokens on reconnect, making it possible to circumvent the initial token expiry timestamp.
network
low complexity
openvpn CWE-613
7.5
2020-07-14 CVE-2020-6292 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
network
low complexity
sap CWE-613
8.8
2020-07-14 CVE-2020-6291 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
The session mechanism in SAP Disclosure Management, version 10.1, does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration.
network
low complexity
sap CWE-613
8.8
2020-06-22 CVE-2020-6644 Insufficient Session Expiration vulnerability in Fortinet FortiDeceptor
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
network
high complexity
fortinet CWE-613
8.1
2020-06-19 CVE-2017-18905 Insufficient Session Expiration vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. When used as an OAuth 2.0 service provider, session invalidation was mishandled.
network
low complexity
mattermost CWE-613
5.3
2020-05-11 CVE-2020-1724 Insufficient Session Expiration vulnerability in Red Hat Keycloak
A flaw was found in Keycloak in versions before 9.0.2.
network
low complexity
redhat CWE-613
4.3
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in OpenStack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-613
8.8
2020-05-06 CVE-2020-3188 Insufficient Session Expiration vulnerability in Cisco products
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition.
network
low complexity
cisco CWE-613
5.3
2020-04-28 CVE-2020-9482 Insufficient Session Expiration vulnerability in Apache NiFi Registry 0.1.0/0.5.0
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side.
network
low complexity
apache CWE-613
6.5
2020-04-28 CVE-2016-11058 Insufficient Session Expiration vulnerability in Netgear Genie
The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.
network
low complexity
netgear CWE-613
7.5