Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-6292 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
network
low complexity
sap CWE-613
6.5
6.5
2020-07-14 CVE-2020-6291 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration
network
low complexity
sap CWE-613
6.5
6.5
2020-06-22 CVE-2020-6644 Insufficient Session Expiration vulnerability in Fortinet Fortideceptor
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
network
fortinet CWE-613
6.8
6.8
2020-06-19 CVE-2017-18905 Insufficient Session Expiration vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. 		5.0
5.0
2020-05-11 CVE-2020-1724 Insufficient Session Expiration vulnerability in Redhat Keycloak
A flaw was found in Keycloak in versions before 9.0.2.
network
low complexity
redhat CWE-613
4.3
4.3
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-613
8.8
8.8
2020-05-06 CVE-2020-3188 Insufficient Session Expiration vulnerability in Cisco products
A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition.
network
low complexity
cisco CWE-613
5.0
5.0
2020-04-28 CVE-2020-9482 Insufficient Session Expiration vulnerability in Apache Nifi Registry 0.1.0/0.5.0
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side.
network
low complexity
apache CWE-613
6.4
6.4
2020-04-28 CVE-2016-11058 Insufficient Session Expiration vulnerability in Netgear Genie
The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.
network
low complexity
netgear CWE-613
5.0
5.0
2020-04-22 CVE-2020-8867 Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30.
network
low complexity
opcfoundation CWE-613
5.0
5.0