Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-24 | CVE-2015-5171 | Insufficient Session Expiration vulnerability in multiple products The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. | 9.8 |
| 2017-10-20 | CVE-2017-6145 | Insufficient Session Expiration vulnerability in F5 products iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. | 7.3 |
| 2017-10-17 | CVE-2017-14007 | Insufficient Session Expiration vulnerability in Prominent Multiflex M10A Controller Firmware An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | 5.6 |
| 2017-08-29 | CVE-2017-12867 | Insufficient Session Expiration vulnerability in Simplesamlphp The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | 5.9 |
| 2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | 8.1 |
| 2017-06-20 | CVE-2017-3215 | Insufficient Session Expiration vulnerability in Milwaukee One-Key The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. | 5.3 |
| 2017-04-13 | CVE-2016-8712 | Insufficient Session Expiration vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. | 8.1 |
| 2017-04-10 | CVE-2016-5069 | Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | 9.8 |
| 2017-03-09 | CVE-2017-6529 | Insufficient Session Expiration vulnerability in Dnatools Dnalims 42015S13 An issue was discovered in dnaTools dnaLIMS 4-2015s13. | 8.8 |