Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-38315 Insufficient Session Expiration vulnerability in IBM Aspera Shares 1.10.0/1.9.14
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate the session after a password reset, which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2024-08-14 CVE-2024-39809 Insufficient Session Expiration vulnerability in F5 Big-Ip Next Central Manager 20.1.0
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
network
low complexity
f5 CWE-613
8.8
2024-08-13 CVE-2022-45862 Insufficient Session Expiration vulnerability in Fortinet products
An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use web sessions after GUI logout, should they manage to acquire the required credentials.
network
low complexity
fortinet CWE-613
8.8
2024-08-13 CVE-2022-38382 Insufficient Session Expiration vulnerability in IBM Cloud PAK for Security and Qradar Suite
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 do not invalidate the session after logout, which could allow another authenticated user to obtain sensitive information.
network
low complexity
ibm CWE-613
4.1
2024-07-22 CVE-2024-41827 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07, access tokens could continue working after deletion or expiration.
network
low complexity
jetbrains CWE-613
critical
9.8
2024-05-14 CVE-2024-34709 Insufficient Session Expiration vulnerability in Monospace Directus
Directus is a real-time API and App dashboard for managing SQL database content.
network
high complexity
monospace CWE-613
5.4
2024-05-06 CVE-2024-34092 Insufficient Session Expiration vulnerability in Archerirm Archer
An issue was discovered in Archer Platform 6 before 2024.04.
network
low complexity
archerirm CWE-613
8.8
2024-04-09 CVE-2024-30262 Insufficient Session Expiration vulnerability in Contao
Contao is an open source content management system.
network
low complexity
contao CWE-613
7.1
2024-03-06 CVE-2024-20301 Insufficient Session Expiration vulnerability in Cisco DUO Authentication for Windows Logon and RDP 4.2.2
A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device.
low complexity
cisco CWE-613
6.2
2024-02-16 CVE-2024-25628 Insufficient Session Expiration vulnerability in ALF 2.0M42304
Alf.io is a free and open source event attendance management system.
network
low complexity
alf CWE-613
7.6