Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-25590 Insufficient Session Expiration vulnerability in Surveyking 0.2.0
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.
network
low complexity
surveyking CWE-613
6.5
2022-03-19 CVE-2022-0991 Insufficient Session Expiration vulnerability in Admidio
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
network
low complexity
admidio CWE-613
7.1
2022-03-14 CVE-2022-24743 Insufficient Session Expiration vulnerability in Sylius
Sylius is an open source eCommerce platform.
network
low complexity
sylius CWE-613
8.2
2022-03-01 CVE-2021-38986 Insufficient Session Expiration vulnerability in IBM MQ 9.2.0/9.2.0.0/9.2.1.0
IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.4
2022-02-25 CVE-2022-24332 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
network
low complexity
jetbrains CWE-613
5.3
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
7.5
2022-01-28 CVE-2021-22820 Insufficient Session Expiration vulnerability in Schneider-Electric products
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password.
network
low complexity
schneider-electric CWE-613
critical
9.8
2022-01-26 CVE-2021-29846 Insufficient Session Expiration vulnerability in IBM Security Guardium Insights 3.0.0
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
network
low complexity
ibm CWE-613
2.7
2022-01-18 CVE-2021-37866 Insufficient Session Expiration vulnerability in Mattermost Boards 0.10.0
Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.
network
low complexity
mattermost CWE-613
7.5
2022-01-13 CVE-2022-22113 Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday
In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration.
network
low complexity
daybydaycrm CWE-613
8.8