Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2018-11386 Insufficient Session Expiration vulnerability in multiple products
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian CWE-613
5.9
2018-05-14 CVE-2018-10990 Insufficient Session Expiration vulnerability in CommScope Arris TG1682G Firmware 9.1.103J6
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes").
network
high complexity
commscope CWE-613
8.0
2018-04-18 CVE-2018-7758 Insufficient Session Expiration vulnerability in Schneider-Electric products
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated, which could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCP/IP session is still open with identical IP address and port number.
low complexity
schneider-electric CWE-613
6.5
2018-04-04 CVE-2017-3966 Insufficient Session Expiration vulnerability in McAfee Network Security Manager
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL.
network
low complexity
mcafee CWE-613
6.3
2018-03-28 CVE-2018-0152 Insufficient Session Expiration vulnerability in Cisco IOS XE 16.1.1
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device.
network
low complexity
cisco CWE-613
8.8
2018-03-20 CVE-2018-5438 Insufficient Session Expiration vulnerability in Philips Intellispace Cardiovascular 2.3.0
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user.
local
high complexity
philips CWE-613
6.3
2018-03-19 CVE-2018-1195 Insufficient Session Expiration vulnerability in Cloudfoundry Cf-Release
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected.
network
low complexity
cloudfoundry CWE-613
8.8
2018-01-31 CVE-2017-15653 Insufficient Session Expiration vulnerability in Asus Asuswrt
Improper validation of the administrator's IP address after login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user who knows the administrator session token to execute any action by using a specific User-Agent string.
network
low complexity
asus CWE-613
8.8
2018-01-19 CVE-2017-1693 Insufficient Session Expiration vulnerability in IBM Integration Bus
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out.
network
high complexity
ibm CWE-613
5.6
2017-11-03 CVE-2017-1000136 Insufficient Session Expiration vulnerability in Mahara
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
network
low complexity
mahara CWE-613
6.5