Vulnerabilities > Insufficient Session Expiration
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-09-08 | CVE-2021-33982 | Insufficient Session Expiration vulnerability in Myfwc Fish \| Hunt FL | An insufficient session expiration vulnerability exists in the "Fish \| Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | 7.5 |
2021-09-08 | CVE-2020-29012 | Insufficient Session Expiration vulnerability in Fortinet Fortisandbox | An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks). | 5.3 |
2021-08-30 | CVE-2021-39113 | Insufficient Session Expiration vulnerability in Atlassian products | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. | 7.5 |
2021-08-27 | CVE-2021-35342 | Insufficient Session Expiration vulnerability in Northern.Tech Useradm 1.13.0/1.14.0 | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). | 7.5 |
2021-08-24 | CVE-2021-30943 | Insufficient Session Expiration vulnerability in Apple products | An issue in the handling of group membership was resolved with improved logic. | 4.3 |
2021-08-13 | CVE-2021-37693 | Insufficient Session Expiration vulnerability in Discourse | Discourse is an open-source platform for community discussion. | 7.5 |
2021-08-05 | CVE-2021-37156 | Insufficient Session Expiration vulnerability in Redmine 4.2.0/4.2.1 | Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. | 7.5 |
2021-08-03 | CVE-2021-33322 | Insufficient Session Expiration vulnerability in Liferay DXP 7.0 | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the old password reset token. | 7.5 |
2021-07-26 | CVE-2021-20431 | Insufficient Session Expiration vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1/9.2.2 | IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an attacker to obtain sensitive information from the system. | 6.5 |
2021-07-07 | CVE-2021-20378 | Insufficient Session Expiration vulnerability in IBM Guardium Data Encryption 3.0.0.2/4.0.0.4 | IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |