Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2019-09-18 CVE-2019-5531 Insufficient Session Expiration vulnerability in VMWare Esxi, Vcenter Server and Vsphere Esxi
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration.
network
vmware CWE-613
5.8
5.8
2019-09-17 CVE-2019-14826 Insufficient Session Expiration vulnerability in multiple products
A flaw was found in FreeIPA versions 4.5.0 and later.
local
low complexity
freeipa redhat CWE-613
2.1
2.1
2019-09-09 CVE-2019-16133 Insufficient Session Expiration vulnerability in Weaver Eteams OA 4.0.34
An issue was discovered in eteams OA v4.0.34.
network
low complexity
weaver CWE-613
4.0
4.0
2019-08-21 CVE-2019-5638 Insufficient Session Expiration vulnerability in Rapid7 Nexpose
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user.
network
low complexity
rapid7 CWE-613
8.8
8.8
2019-08-06 CVE-2019-2386 Insufficient Session Expiration vulnerability in Mongodb
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.
network
high complexity
mongodb CWE-613
7.1
7.1
2019-07-01 CVE-2019-7280 Insufficient Session Expiration vulnerability in Primasystems Flexair 2.3.38
Prima Systems FlexAir, Versions 2.3.38 and prior.
network
low complexity
primasystems CWE-613
8.8
8.8
2019-06-06 CVE-2019-3790 Insufficient Session Expiration vulnerability in Pivotal Software Operations Manager
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration.
network
low complexity
pivotal-software CWE-613
5.5
5.5
2019-06-06 CVE-2019-7215 Insufficient Session Expiration vulnerability in Progress Sitefinity
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts.
network
low complexity
progress CWE-613
6.5
6.5
2019-05-09 CVE-2019-4072 Insufficient Session Expiration vulnerability in IBM products
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out.
network
low complexity
ibm CWE-613
6.3
6.3
2019-05-07 CVE-2018-6634 Insufficient Session Expiration vulnerability in Parsecgaming Parsec 1420/1421
A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.
network
low complexity
parsecgaming microsoft canonical CWE-613
7.5
7.5