Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-46158 | Insufficient Session Expiration vulnerability in IBM Websphere Application Server Liberty IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. | 9.8 |
| 2023-10-19 | CVE-2023-37504 | Insufficient Session Expiration vulnerability in Hcltech HCL Compass HCL Compass is vulnerable to failure to invalidate sessions. | 6.5 |
| 2023-10-17 | CVE-2021-20581 | Insufficient Session Expiration vulnerability in IBM Security Verify Privilege On-Premises IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. | 4.3 |
| 2023-10-17 | CVE-2023-45659 | Insufficient Session Expiration vulnerability in Engelsystem 2.0.0/3.0.0 Engelsystem is a shift planning system for chaos events. | 2.8 |
| 2023-10-13 | CVE-2023-33303 | Insufficient Session Expiration vulnerability in Fortinet Fortiedr 5.0.0/5.0.1 A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request | 8.1 |
| 2023-10-10 | CVE-2023-40537 | Insufficient Session Expiration vulnerability in F5 products An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.1 |
| 2023-10-10 | CVE-2023-42768 | Insufficient Session Expiration vulnerability in F5 products When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. | 7.2 |
| 2023-09-20 | CVE-2022-3916 | Insufficient Session Expiration vulnerability in Redhat products A flaw was found in the offline_access scope in Keycloak. | 6.8 |
| 2023-09-12 | CVE-2023-40732 | Insufficient Session Expiration vulnerability in Siemens QMS Automotive 12.30 A vulnerability has been identified in QMS Automotive (All versions < V12.39). | 3.9 |
| 2023-08-30 | CVE-2023-41041 | Insufficient Session Expiration vulnerability in Graylog Graylog is a free and open log management platform. | 3.1 |