Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-14 | CVE-2024-39809 | Insufficient Session Expiration vulnerability in F5 Big-Ip Next Central Manager 20.1.0 The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.8 |
| 2024-08-13 | CVE-2022-45862 | Insufficient Session Expiration vulnerability in Fortinet products An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials. | 8.8 |
| 2024-08-13 | CVE-2022-38382 | Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. | 4.1 |
| 2024-07-22 | CVE-2024-41827 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration | 9.8 |
| 2024-05-14 | CVE-2024-34709 | Insufficient Session Expiration vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.4 |
| 2024-04-09 | CVE-2024-30262 | Insufficient Session Expiration vulnerability in Contao Contao is an open source content management system. | 7.1 |
| 2024-02-16 | CVE-2024-25628 | Insufficient Session Expiration vulnerability in ALF 2.0M42304 Alf.io is a free and open source event attendance management system. | 7.6 |
| 2024-02-14 | CVE-2024-0008 | Insufficient Session Expiration vulnerability in Paloaltonetworks Pan-Os Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | 8.8 |
| 2024-02-11 | CVE-2024-25718 | Insufficient Session Expiration vulnerability in Dropbox Samly In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | 9.8 |
| 2023-12-25 | CVE-2023-51772 | Insufficient Session Expiration vulnerability in Oneidentity Password Manager One Identity Password Manager before 5.13.1 allows Kiosk Escape. | 8.8 |