Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-41827 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
network
low complexity
jetbrains CWE-613
critical
9.8
2024-02-16 CVE-2024-25628 Insufficient Session Expiration vulnerability in ALF 2.0M42304
Alf.io is a free and open source event attendance management system.
network
low complexity
alf CWE-613
7.6
2024-02-14 CVE-2024-0008 Insufficient Session Expiration vulnerability in Paloaltonetworks Pan-Os
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
network
low complexity
paloaltonetworks CWE-613
8.8
2024-02-11 CVE-2024-25718 Insufficient Session Expiration vulnerability in Dropbox Samly
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
network
low complexity
dropbox CWE-613
critical
9.8
2023-12-25 CVE-2023-51772 Insufficient Session Expiration vulnerability in Oneidentity Password Manager
One Identity Password Manager before 5.13.1 allows Kiosk Escape.
network
low complexity
oneidentity CWE-613
8.8
2023-12-18 CVE-2023-4320 Insufficient Session Expiration vulnerability in Redhat Satellite
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.
network
low complexity
redhat CWE-613
7.5
2023-12-14 CVE-2023-49935 Insufficient Session Expiration vulnerability in Schedmd Slurm
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x.
network
low complexity
schedmd CWE-613
8.8
2023-11-30 CVE-2023-46326 Insufficient Session Expiration vulnerability in Zstack
ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these.
network
low complexity
zstack CWE-613
8.8
2023-11-01 CVE-2023-5889 Insufficient Session Expiration vulnerability in PKP web Application Library
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
network
low complexity
pkp CWE-613
8.2
2023-10-31 CVE-2023-39695 Insufficient Session Expiration vulnerability in Elenos Etg150 Firmware 3.12
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
network
low complexity
elenos CWE-613
5.3