Vulnerabilities > Insufficient Session Expiration

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-05 | CVE-2024-42447 | Insufficient Session Expiration vulnerability in Apache Apache-Airflow-Providers-Fab 1.2.0/1.2.1: Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. | network; low complexity; apache CWE-613; critical 9.8 |
| 2024-07-30 | CVE-2023-26288 | Insufficient Session Expiration vulnerability in IBM Aspera Orchestrator 4.0.1: IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | network; low complexity; ibm CWE-613; 5.5 |
| 2024-07-25 | CVE-2022-32759 | Insufficient Session Expiration vulnerability in IBM products: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. | network; low complexity; ibm CWE-613; 7.5 |
| 2024-07-22 | CVE-2024-41827 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity: In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration. | network; low complexity; jetbrains CWE-613; critical 9.8 |
| 2024-07-09 | CVE-2024-27782 | Insufficient Session Expiration vulnerability in Fortinet Fortiaiops 2.0.0: Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests. | network; low complexity; fortinet CWE-613; critical 9.8 |
| 2024-06-14 | CVE-2024-5995 | The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. | network; low complexity; CWE-613; 8.8 |
| 2024-06-11 | CVE-2024-35206 | Insufficient Session Expiration vulnerability in Siemens Sinec Traffic Analyzer 1.1: A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). | network; low complexity; siemens CWE-613; 8.8 |
| 2024-06-08 | CVE-2024-4680 | Insufficient Session Expiration vulnerability in Zenml 0.56.3: A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. | network; low complexity; zenml CWE-613; 8.8 |
| 2024-02-11 | CVE-2024-25718 | Insufficient Session Expiration vulnerability in Dropbox Samly: In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | network; low complexity; dropbox CWE-613; critical 9.8 |
| 2024-02-09 | CVE-2023-45187 | Insufficient Session Expiration vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | network; low complexity; ibm CWE-613; 8.8 |