Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-46158 Insufficient Session Expiration vulnerability in IBM Websphere Application Server Liberty 23.0.0.10/23.0.0.9
IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling.
network
low complexity
ibm CWE-613
critical
9.8
2023-10-19 CVE-2023-37504 Insufficient Session Expiration vulnerability in Hcltech HCL Compass
HCL Compass is vulnerable to failure to invalidate sessions.
network
low complexity
hcltech CWE-613
6.5
2023-10-17 CVE-2021-20581 Insufficient Session Expiration vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration.
network
low complexity
ibm CWE-613
4.3
2023-10-13 CVE-2023-33303 Insufficient Session Expiration vulnerability in Fortinet Fortiedr 5.0.0/5.0.1
An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request.
network
high complexity
fortinet CWE-613
8.1
2023-09-20 CVE-2022-3916 Insufficient Session Expiration vulnerability in Redhat products
A flaw was found in the offline_access scope in Keycloak.
network
high complexity
redhat CWE-613
6.8
2023-08-23 CVE-2023-40178 Insufficient Session Expiration vulnerability in Node Saml Project Node Saml
Node-SAML is a SAML library not dependent on any frameworks that runs in Node.
network
low complexity
node-saml-project CWE-613
5.3
2023-08-08 CVE-2023-37570 Insufficient Session Expiration vulnerability in Esds.Co Emagic Data Center Management
This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie.
network
low complexity
esds-co CWE-613
8.8
2023-07-11 CVE-2023-28001 Insufficient Session Expiration vulnerability in Fortinet Fortios
An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.
network
low complexity
fortinet CWE-613
critical
9.8
2023-06-19 CVE-2023-35857 Insufficient Session Expiration vulnerability in Siren Investigate 12.1.7/13.2.0/13.2.1
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
network
low complexity
siren CWE-613
critical
9.8
2023-06-16 CVE-2023-2788 Insufficient Session Expiration vulnerability in Mattermost
Mattermost fails to check if an admin user account is active after an OAuth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an OAuth2 access token while the attacker's account is deactivated.
network
low complexity
mattermost CWE-613
6.5