Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2022-22283 Insufficient Session Expiration vulnerability in Samsung Health 6.16/6.17/6.19.1.0001
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App.
local
low complexity
samsung CWE-613
3.3
3.3
2022-01-05 CVE-2022-21652 Insufficient Session Expiration vulnerability in Shopware
Shopware is an open source e-commerce software platform.
network
low complexity
shopware CWE-613
8.1
8.1
2022-01-03 CVE-2021-25981 Insufficient Session Expiration vulnerability in Talkyard
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration.
network
low complexity
talkyard CWE-613
critical
 9.8
9.8
2021-12-29 CVE-2021-45885 Insufficient Session Expiration vulnerability in Stormshield Network Security 4.2.2/4.2.3
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8).
network
low complexity
stormshield CWE-613
7.5
7.5
2021-12-29 CVE-2021-35034 Insufficient Session Expiration vulnerability in Zyxel Nbg6604 Firmware
An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted.
network
low complexity
zyxel CWE-613
critical
 9.1
9.1
2021-12-08 CVE-2020-27416 Insufficient Session Expiration vulnerability in Mahadiscom Mahavitaran 7.50
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.
network
low complexity
mahadiscom CWE-613
critical
 9.8
9.8
2021-11-30 CVE-2021-42545 Insufficient Session Expiration vulnerability in Business-Dnasolutions Topease
An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
network
low complexity
business-dnasolutions CWE-613
critical
 9.1
9.1
2021-11-16 CVE-2021-25940 Insufficient Session Expiration vulnerability in Arangodb
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration.
network
low complexity
arangodb CWE-613
8.0
8.0
2021-11-16 CVE-2021-25985 Insufficient Session Expiration vulnerability in Darwin Factor
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application.
network
low complexity
darwin CWE-613
critical
 9.8
9.8
2021-11-04 CVE-2021-41247 Insufficient Session Expiration vulnerability in Jupyter Jupyterhub
JupyterHub is an open source multi-user server for Jupyter notebooks.
network
low complexity
jupyter CWE-613
7.5
7.5