Vulnerabilities > Insufficient Session Expiration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-10 | CVE-2022-3867 | Insufficient Session Expiration vulnerability in Hashicorp Nomad 1.4.0/1.4.1 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. | 4.3 |
2022-11-03 | CVE-2022-40230 | Insufficient Session Expiration vulnerability in IBM MQ Appliance 9.2.0.0/9.3.0.0 "IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2022-11-03 | CVE-2022-39234 | Insufficient Session Expiration vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique. | 8.8 |
2022-10-27 | CVE-2022-2782 | Insufficient Session Expiration vulnerability in Octopus Server In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | 9.1 |
2022-10-17 | CVE-2022-41542 | Insufficient Session Expiration vulnerability in Devhubapp Devhub 0.102.0 devhub 0.102.0 was discovered to contain a broken session control. | 5.4 |
2022-10-07 | CVE-2022-41291 | Insufficient Session Expiration vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
2022-09-21 | CVE-2019-5641 | Insufficient Session Expiration vulnerability in Rapid7 Insightvm Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user | 5.3 |
2022-08-29 | CVE-2022-31677 | Insufficient Session Expiration vulnerability in VMWare Pinniped An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). | 5.4 |
2022-08-19 | CVE-2022-34624 | Insufficient Session Expiration vulnerability in Mealie 0.5.5/1.0.0 Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | 5.9 |
2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |