Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2014-2595 Insufficient Session Expiration vulnerability in Barracuda web Application Firewall 7.8.1.013
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
network
low complexity
barracuda CWE-613
critical
9.8
2020-02-07 CVE-2020-1768 Insufficient Session Expiration vulnerability in Otrs
The external frontend system uses numerous background calls to the backend.
network
low complexity
otrs CWE-613
5.4
2020-01-28 CVE-2019-5462 Insufficient Session Expiration vulnerability in Gitlab
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
network
low complexity
gitlab CWE-613
8.8
2020-01-22 CVE-2019-5647 Insufficient Session Expiration vulnerability in Rapid7 Appspider
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser.
local
low complexity
rapid7 CWE-613
7.1
2020-01-14 CVE-2020-0621 Insufficient Session Expiration vulnerability in Microsoft products
A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.
local
low complexity
microsoft CWE-613
4.4
2019-12-31 CVE-2019-10229 Insufficient Session Expiration vulnerability in Mailstore and Mailstore Server
An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2.
network
low complexity
mailstore CWE-613
8.8
2019-12-18 CVE-2019-11106 Insufficient Session Expiration vulnerability in Intel products
Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-613
6.7
2019-12-18 CVE-2019-8803 Insufficient Session Expiration vulnerability in Apple products
An authentication issue was addressed with improved state management.
local
low complexity
apple CWE-613
8.4
2019-11-19 CVE-2019-12421 Insufficient Session Expiration vulnerability in Apache Nifi
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side.
network
low complexity
apache CWE-613
8.8
2019-11-06 CVE-2019-8149 Insufficient Session Expiration vulnerability in Magento
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-613
critical
9.8