Vulnerabilities > Insufficient Session Expiration

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-03-24 | CVE-2021-3844 | Insufficient Session Expiration vulnerability in Rapid7 Insightvm | Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. | network | low | rapid7 | CWE-613 | | 5.4 |
| 2023-03-21 | CVE-2023-1543 | Insufficient Session Expiration vulnerability in Answer | Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. | network | low | answer | CWE-613 | | 8.8 |
| 2023-03-06 | CVE-2023-27891 | Insufficient Session Expiration vulnerability in Rami Pretix | rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. | network | low | rami | CWE-613 | | 7.5 |
| 2023-03-01 | CVE-2023-22771 | Insufficient Session Expiration vulnerability in Arubanetworks Arubaos and Sd-Wan | An insufficient session expiration vulnerability exists in the ArubaOS command line interface. | network | low | arubanetworks | CWE-613 | | 2.4 |
| 2023-02-20 | CVE-2022-48317 | Insufficient Session Expiration vulnerability in Checkmk 2.0.0/2.1.0 | Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI. | network | low | checkmk | CWE-613 | critical | 9.8 |
| 2023-02-11 | CVE-2022-34392 | Insufficient Session Expiration vulnerability in Dell Supportassist for Home PCS | SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. | local | low | dell | CWE-613 | | 5.5 |
| 2023-01-26 | CVE-2023-23614 | Insufficient Session Expiration vulnerability in Pi-Hole web Interface | Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. | network | low | pi-hole | CWE-613 | | 8.8 |
| 2023-01-26 | CVE-2023-24426 | Insufficient Session Expiration vulnerability in Jenkins Azure AD | Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. | network | low | jenkins | CWE-613 | | 8.8 |
| 2022-12-14 | CVE-2022-47406 | Insufficient Session Expiration vulnerability in Change Password for Frontend Users Project Change Password for Frontend Users | An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. | network | low | change-password-for-frontend-users-project | CWE-613 | critical | 9.8 |
| 2022-11-22 | CVE-2022-40228 | Insufficient Session Expiration vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | network | low | ibm | CWE-613 | | 5.4 |