Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2019-06-06 CVE-2019-3790 Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration.
network
low complexity
pivotal-software CWE-613
5.4
2019-06-06 CVE-2019-7215 Insufficient Session Expiration vulnerability in Progress Sitefinity
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts.
network
low complexity
progress CWE-613
6.5
2019-05-09 CVE-2019-4072 Insufficient Session Expiration vulnerability in IBM products
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out.
network
low complexity
ibm CWE-613
6.3
2019-05-07 CVE-2018-6634 Insufficient Session Expiration vulnerability in Parsecgaming Parsec 1420/1421
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.
network
low complexity
parsecgaming CWE-613
critical
9.8
2019-04-10 CVE-2019-1003049 Insufficient Session Expiration vulnerability in multiple products
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
network
high complexity
jenkins redhat oracle CWE-613
8.1
2019-01-15 CVE-2019-0015 Insufficient Session Expiration vulnerability in Juniper Junos
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted.
network
low complexity
juniper CWE-613
5.4
2018-12-20 CVE-2018-1000814 Insufficient Session Expiration vulnerability in Aiohttp-Session Project Aiohttp-Session
aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan.
network
low complexity
aiohttp-session-project CWE-613
6.5
2018-08-30 CVE-2016-0234 Insufficient Session Expiration vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser.
local
low complexity
ibm CWE-613
3.3
2018-08-14 CVE-2018-2451 Insufficient Session Expiration vulnerability in SAP Hana Extended Application Services 1.0
XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity.
network
high complexity
sap CWE-613
6.6
2018-07-17 CVE-2018-14345 Insufficient Session Expiration vulnerability in Sddm Project Sddm
An issue was discovered in SDDM through 0.17.0.
network
high complexity
sddm-project CWE-613
7.5