Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2024-0008 Insufficient Session Expiration vulnerability in Paloaltonetworks Pan-Os
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
network
low complexity
paloaltonetworks CWE-613
8.8
8.8
2024-02-11 CVE-2024-25718 Insufficient Session Expiration vulnerability in Dropbox Samly
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
network
low complexity
dropbox CWE-613
critical
 9.8
9.8
2023-12-25 CVE-2023-51772 Insufficient Session Expiration vulnerability in Oneidentity Password Manager
One Identity Password Manager before 5.13.1 allows Kiosk Escape.
network
low complexity
oneidentity CWE-613
8.8
8.8
2023-12-18 CVE-2023-4320 Insufficient Session Expiration vulnerability in Redhat Satellite
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.
network
low complexity
redhat CWE-613
7.5
7.5
2023-12-14 CVE-2023-49935 Insufficient Session Expiration vulnerability in Schedmd Slurm
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x.
network
low complexity
schedmd CWE-613
8.8
8.8
2023-11-30 CVE-2023-46326 Insufficient Session Expiration vulnerability in Zstack
ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these.
network
low complexity
zstack CWE-613
8.8
8.8
2023-11-01 CVE-2023-5889 Insufficient Session Expiration vulnerability in PKP web Application Library
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
network
low complexity
pkp CWE-613
8.2
8.2
2023-10-31 CVE-2023-39695 Insufficient Session Expiration vulnerability in Elenos Etg150 Firmware 3.12
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
network
low complexity
elenos CWE-613
5.3
5.3
2023-10-25 CVE-2023-46158 Insufficient Session Expiration vulnerability in IBM Websphere Application Server Liberty 23.0.0.10/23.0.0.9
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling.
network
low complexity
ibm CWE-613
critical
 9.8
9.8
2023-10-19 CVE-2023-37504 Insufficient Session Expiration vulnerability in Hcltech HCL Compass
HCL Compass is vulnerable to failure to invalidate sessions.
network
low complexity
hcltech CWE-613
6.5
6.5