Vulnerabilities > Insufficient Session Expiration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-27 | CVE-2022-2782 | Insufficient Session Expiration vulnerability in Octopus Server In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | 9.1 |
| 2022-10-17 | CVE-2022-41542 | Insufficient Session Expiration vulnerability in Devhubapp Devhub 0.102.0 devhub 0.102.0 was discovered to contain a broken session control. | 5.4 |
| 2022-10-07 | CVE-2022-41291 | Insufficient Session Expiration vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
| 2022-10-07 | CVE-2022-41672 | Insufficient Session Expiration vulnerability in Apache Airflow In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. | 8.1 |
| 2022-08-19 | CVE-2022-34624 | Insufficient Session Expiration vulnerability in Mealie 0.5.5/1.0.0 Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | 5.9 |
| 2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-08-01 | CVE-2022-30699 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-07-12 | CVE-2022-33137 | Insufficient Session Expiration vulnerability in Siemens products A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). | 6.0 |
| 2022-07-05 | CVE-2022-2306 | Insufficient Session Expiration vulnerability in Heroiclabs Nakama Old session tokens can be used to authenticate to the application and send authenticated requests. | 5.0 |
| 2022-06-20 | CVE-2022-22317 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1 IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 7.5 |