Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-40178 | Insufficient Session Expiration vulnerability in Node Saml Project Node Saml Node-SAML is a SAML library not dependent on any frameworks that runs in Node. | 5.3 |
| 2023-08-08 | CVE-2023-37570 | Insufficient Session Expiration vulnerability in Esds.Co Emagic Data Center Management This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. | 8.8 |
| 2023-07-11 | CVE-2023-28001 | Insufficient Session Expiration vulnerability in Fortinet Fortios An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API. | 9.8 |
| 2023-06-19 | CVE-2023-35857 | Insufficient Session Expiration vulnerability in Siren Investigate 12.1.7/13.2.0/13.2.1 In Siren Investigate before 13.2.2, session keys remain active even after logging out. | 9.8 |
| 2023-06-16 | CVE-2023-2788 | Insufficient Session Expiration vulnerability in Mattermost Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated. | 6.5 |
| 2023-06-05 | CVE-2023-0041 | Insufficient Session Expiration vulnerability in IBM Security Guardium 11.5 IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. | 8.8 |
| 2023-05-26 | CVE-2023-32318 | Insufficient Session Expiration vulnerability in Nextcloud Server Nextcloud server provides a home for data. | 6.7 |
| 2023-05-16 | CVE-2023-33005 | Insufficient Session Expiration vulnerability in Jenkins Wso2 Oauth 1.0 Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. | 5.4 |
| 2023-05-05 | CVE-2020-4914 | Insufficient Session Expiration vulnerability in IBM Cloud PAK System IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 4.2 |
| 2023-05-05 | CVE-2022-38707 | Insufficient Session Expiration vulnerability in IBM Cognos Command Center 10.2.4.1 IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. | 5.5 |