Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2023-06-05 CVE-2023-0041 Insufficient Session Expiration vulnerability in IBM Security Guardium 11.5
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration.
network
low complexity
ibm CWE-613
8.8
2023-05-26 CVE-2023-32318 Insufficient Session Expiration vulnerability in Nextcloud Server
Nextcloud server provides a home for data.
local
high complexity
nextcloud CWE-613
6.7
2023-05-16 CVE-2023-33005 Insufficient Session Expiration vulnerability in Jenkins Wso2 Oauth 1.0
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-613
5.4
2023-05-05 CVE-2022-38707 Insufficient Session Expiration vulnerability in IBM Cognos Command Center 10.2.4.1
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration.
local
low complexity
ibm CWE-613
5.5
2023-05-02 CVE-2023-30403 Insufficient Session Expiration vulnerability in Aigital Wireless-N Repeater Mini Router Firmware 0.131229
An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user.
network
low complexity
aigital CWE-613
7.5
2023-04-16 CVE-2022-37186 Insufficient Session Expiration vulnerability in Lemonldap-Ng Lemonldap::Ng
In LemonLDAP::NG before 2.0.15.
network
high complexity
lemonldap-ng CWE-613
5.9
2023-03-28 CVE-2023-20903 Insufficient Session Expiration vulnerability in Cloudfoundry User Account and Authentication
This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA.
network
low complexity
cloudfoundry CWE-613
4.3
2023-03-24 CVE-2021-3844 Insufficient Session Expiration vulnerability in Rapid7 Insightvm
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user.
network
low complexity
rapid7 CWE-613
5.4
2023-03-21 CVE-2023-1543 Insufficient Session Expiration vulnerability in Answer
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6.
network
low complexity
answer CWE-613
8.8
2023-03-06 CVE-2023-27891 Insufficient Session Expiration vulnerability in Rami Pretix
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session.
network
low complexity
rami CWE-613
7.5