Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-22 | CVE-2020-6644 | Insufficient Session Expiration vulnerability in Fortinet Fortideceptor An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. | 8.1 |
| 2020-06-19 | CVE-2017-18905 | Insufficient Session Expiration vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | 5.3 |
| 2020-05-11 | CVE-2020-1724 | Insufficient Session Expiration vulnerability in Redhat Keycloak A flaw was found in Keycloak in versions before 9.0.2. | 4.3 |
| 2020-05-07 | CVE-2020-12690 | Insufficient Session Expiration vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
| 2020-05-06 | CVE-2020-3188 | Insufficient Session Expiration vulnerability in Cisco products A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. | 5.3 |
| 2020-04-28 | CVE-2020-9482 | Insufficient Session Expiration vulnerability in Apache Nifi Registry 0.1.0/0.5.0 If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. | 6.5 |
| 2020-04-28 | CVE-2016-11058 | Insufficient Session Expiration vulnerability in Netgear Genie The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs. | 7.5 |
| 2020-04-22 | CVE-2020-8867 | Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. | 7.5 |
| 2020-04-22 | CVE-2020-11795 | Insufficient Session Expiration vulnerability in Jetbrains Space 20200422 In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. | 7.5 |
| 2020-04-22 | CVE-2020-11688 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. | 7.5 |