Vulnerabilities > Insufficient Session Expiration
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-25 | CVE-2022-25590 | Insufficient Session Expiration vulnerability in Surveyking 0.2.0 SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. | 6.5 |
2022-03-19 | CVE-2022-0991 | Insufficient Session Expiration vulnerability in Admidio Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | 7.1 |
2022-03-14 | CVE-2022-24743 | Insufficient Session Expiration vulnerability in Sylius Sylius is an open source eCommerce platform. | 8.2 |
2022-03-01 | CVE-2021-38986 | Insufficient Session Expiration vulnerability in IBM MQ 9.2.0/9.2.0.0/9.2.1.0 IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 5.4 |
2022-02-25 | CVE-2022-24332 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. | 5.3 |
2022-02-25 | CVE-2022-24341 | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. | 7.5 |
2022-01-28 | CVE-2021-22820 | Insufficient Session Expiration vulnerability in Schneider-Electric products A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. | 9.8 |
2022-01-26 | CVE-2021-29846 | Insufficient Session Expiration vulnerability in IBM Security Guardium Insights 3.0.0 IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. | 2.7 |
2022-01-18 | CVE-2021-37866 | Insufficient Session Expiration vulnerability in Mattermost Boards 0.10.0 Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization. | 7.5 |
2022-01-13 | CVE-2022-22113 | Insufficient Session Expiration vulnerability in Daybydaycrm Daybyday In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. | 8.8 |