Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2017-3966 | Insufficient Session Expiration vulnerability in Mcafee Network Security Manager Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL. | 6.3 |
| 2018-03-28 | CVE-2018-0152 | Insufficient Session Expiration vulnerability in Cisco IOS XE 16.1.1 A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. | 8.8 |
| 2018-03-20 | CVE-2018-5438 | Insufficient Session Expiration vulnerability in Philips Intellispace Cardiovascular 2.3.0 Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. | 6.3 |
| 2018-03-19 | CVE-2018-1195 | Insufficient Session Expiration vulnerability in Cloudfoundry Cf-Release In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. | 8.8 |
| 2018-01-31 | CVE-2017-15653 | Insufficient Session Expiration vulnerability in Asus Asuswrt Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | 8.8 |
| 2018-01-19 | CVE-2017-1693 | Insufficient Session Expiration vulnerability in IBM Integration BUS IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. | 5.6 |
| 2017-11-03 | CVE-2017-1000136 | Insufficient Session Expiration vulnerability in Mahara Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. | 6.5 |
| 2017-11-03 | CVE-2017-1000135 | Insufficient Session Expiration vulnerability in Mahara Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. | 6.5 |
| 2017-11-03 | CVE-2017-1000131 | Insufficient Session Expiration vulnerability in Mahara Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions. | 6.5 |
| 2017-10-26 | CVE-2017-12159 | Insufficient Session Expiration vulnerability in multiple products It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. | 7.5 |