Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2019-12001 | Insufficient Session Expiration vulnerability in HPE products A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. | 6.4 |
| 2020-04-08 | CVE-2020-4284 | Insufficient Session Expiration vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. | 5.3 |
| 2020-03-24 | CVE-2020-4253 | Insufficient Session Expiration vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |
| 2020-03-10 | CVE-2020-6197 | Insufficient Session Expiration vulnerability in SAP Enable NOW 10/1902 SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. | 3.3 |
| 2020-02-12 | CVE-2014-2595 | Insufficient Session Expiration vulnerability in Barracuda web Application Firewall 7.8.1.013 Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | 9.8 |
| 2020-02-07 | CVE-2020-1768 | Insufficient Session Expiration vulnerability in Otrs The external frontend system uses numerous background calls to the backend. | 5.4 |
| 2020-01-28 | CVE-2019-5462 | Insufficient Session Expiration vulnerability in Gitlab A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. | 8.8 |
| 2020-01-22 | CVE-2019-5647 | Insufficient Session Expiration vulnerability in Rapid7 Appspider The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. | 7.1 |
| 2020-01-14 | CVE-2020-0621 | Insufficient Session Expiration vulnerability in Microsoft products A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | 4.4 |
| 2019-12-31 | CVE-2019-10229 | Insufficient Session Expiration vulnerability in Mailstore and Mailstore Server An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. | 8.8 |