Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2022-11-10 CVE-2022-3867 Insufficient Session Expiration vulnerability in Hashicorp Nomad 1.4.0/1.4.1
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected.
network
low complexity
hashicorp CWE-613
4.3
2022-11-03 CVE-2022-40230 Insufficient Session Expiration vulnerability in IBM MQ Appliance 9.2.0.0/9.3.0.0
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2022-11-03 CVE-2022-39234 Insufficient Session Expiration vulnerability in Glpi-Project Glpi
GLPI stands for Gestionnaire Libre de Parc Informatique.
network
low complexity
glpi-project CWE-613
8.8
2022-10-27 CVE-2022-2782 Insufficient Session Expiration vulnerability in Octopus Server
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
network
low complexity
octopus CWE-613
critical
9.1
2022-10-17 CVE-2022-41542 Insufficient Session Expiration vulnerability in Devhubapp Devhub 0.102.0
devhub 0.102.0 was discovered to contain a broken session control.
network
low complexity
devhubapp CWE-613
5.4
2022-10-07 CVE-2022-41291 Insufficient Session Expiration vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
2022-09-21 CVE-2019-5641 Insufficient Session Expiration vulnerability in Rapid7 Insightvm
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
network
low complexity
rapid7 CWE-613
5.3
2022-08-29 CVE-2022-31677 Insufficient Session Expiration vulnerability in VMWare Pinniped
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0).
network
low complexity
vmware CWE-613
5.4
2022-08-19 CVE-2022-34624 Insufficient Session Expiration vulnerability in Mealie 0.5.5/1.0.0
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.
network
high complexity
mealie CWE-613
5.9
2022-08-01 CVE-2022-30698 Insufficient Session Expiration vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack.
network
low complexity
nlnetlabs fedoraproject CWE-613
6.5