Vulnerabilities > Insufficient Session Expiration

DATE | CVE | VULNERABILITY TITLE | RISK

2017-10-17 | CVE-2017-14007 | Insufficient Session Expiration vulnerability in Prominent Multiflex M10A Controller Firmware | 6.8
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface.
network | prominent CWE-613

2017-08-29 | CVE-2017-12867 | Insufficient Session Expiration vulnerability in Simplesamlphp | 4.3
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.

2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in Openproject | 6.8
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.

2017-06-20 | CVE-2017-3215 | Insufficient Session Expiration vulnerability in Milwaukee One-Key | 5.0
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year.
network | low complexity | milwaukee CWE-613

2017-04-13 | CVE-2016-8712 | Insufficient Session Expiration vulnerability in Moxa Awk-3131A Firmware 1.1 | 8.1
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1.
network | high complexity | moxa CWE-613

2017-04-10 | CVE-2016-5069 | Insufficient Session Expiration vulnerability in Sierrawireless Aleos Firmware 4.3.2 | 7.5
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.
network | low complexity | sierrawireless CWE-613

2017-03-09 | CVE-2017-6529 | Insufficient Session Expiration vulnerability in Dnatools Dnalims 42015S13 | 6.8
An issue was discovered in dnaTools dnaLIMS 4-2015s13.
network | dnatools CWE-613

2014-12-08 | CVE-2014-3616 | Insufficient Session Expiration vulnerability in multiple products | 4.3
nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.
network | f5 debian CWE-613