Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2020-09-14 CVE-2020-13302 Insufficient Session Expiration vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-613
7.2
7.2
2020-09-14 CVE-2020-13299 Insufficient Session Expiration vulnerability in Gitlab
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.
network
low complexity
gitlab CWE-613
8.1
8.1
2020-08-21 CVE-2020-8234 Insufficient Session Expiration vulnerability in UI Edgemax Firmware
A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.
network
low complexity
ui CWE-613
critical
 9.8
9.8
2020-08-21 CVE-2020-5774 Insufficient Session Expiration vulnerability in Tenable Nessus
Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios.
local
low complexity
tenable CWE-613
7.1
7.1
2020-08-14 CVE-2020-17474 Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server
A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database.
network
low complexity
zkteco CWE-613
critical
 9.8
9.8
2020-08-14 CVE-2020-17473 Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
network
high complexity
zkteco CWE-613
5.9
5.9
2020-07-20 CVE-2020-1776 Insufficient Session Expiration vulnerability in Otrs
When an agent user is renamed or set to invalid the session belonging to the user is keept active.
network
low complexity
otrs CWE-613
4.3
4.3
2020-07-14 CVE-2020-15074 Insufficient Session Expiration vulnerability in Openvpn Access Server
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
network
low complexity
openvpn CWE-613
7.5
7.5
2020-07-14 CVE-2020-6292 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
network
low complexity
sap CWE-613
8.8
8.8
2020-07-14 CVE-2020-6291 Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration
network
low complexity
sap CWE-613
8.8
8.8