Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-23614 Insufficient Session Expiration vulnerability in Pi-Hole web Interface
Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole.
network
low complexity
pi-hole CWE-613
8.8
8.8
2023-01-26 CVE-2023-24426 Insufficient Session Expiration vulnerability in Jenkins Azure AD
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-613
8.8
8.8
2022-12-14 CVE-2022-47406 Insufficient Session Expiration vulnerability in Change Password for Frontend Users Project Change Password for Frontend Users
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3.
network
low complexity
change-password-for-frontend-users-project CWE-613
critical
 9.8
9.8
2022-11-22 CVE-2022-40228 Insufficient Session Expiration vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.4
5.4
2022-11-22 CVE-2022-36179 Insufficient Session Expiration vulnerability in Fusiondirectory 1.3
Fusiondirectory 1.3 suffers from Improper Session Handling.
network
low complexity
fusiondirectory CWE-613
critical
 9.8
9.8
2022-11-20 CVE-2022-4070 Insufficient Session Expiration vulnerability in Librenms
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
network
low complexity
librenms CWE-613
critical
 9.8
9.8
2022-11-14 CVE-2022-3362 Insufficient Session Expiration vulnerability in Ikus-Soft Rdiffweb
Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
network
low complexity
ikus-soft CWE-613
critical
 9.8
9.8
2022-11-10 CVE-2022-3867 Insufficient Session Expiration vulnerability in Hashicorp Nomad 1.4.0/1.4.1
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected.
network
low complexity
hashicorp CWE-613
4.3
4.3
2022-11-03 CVE-2022-40230 Insufficient Session Expiration vulnerability in IBM MQ Appliance 9.2.0.0/9.3.0.0
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
6.5
2022-11-03 CVE-2022-39234 Insufficient Session Expiration vulnerability in Glpi-Project Glpi
GLPI stands for Gestionnaire Libre de Parc Informatique.
network
low complexity
glpi-project CWE-613
8.8
8.8