Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-20 | CVE-2024-49344 | IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout. | 4.3 |
| 2024-12-12 | CVE-2024-50339 | Session Fixation vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 5.3 |
| 2024-11-12 | CVE-2023-50176 | Session Fixation vulnerability in Fortinet Fortios A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link. | 8.8 |
| 2024-11-06 | CVE-2024-10318 | Session Fixation vulnerability in F5 products A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. | 5.4 |
| 2024-10-22 | CVE-2024-48929 | Session Fixation vulnerability in Umbraco CMS Umbraco is a free and open source .NET content management system. | 4.2 |
| 2024-10-19 | CVE-2024-10158 | Session Fixation vulnerability in PHPgurukul Boat Booking System 1.0 A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. | 8.8 |
| 2024-09-27 | CVE-2024-8643 | Session Fixation vulnerability in Oceanicsoft Valeapp Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0. | 9.8 |
| 2024-09-10 | CVE-2024-42345 | Session Fixation vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). | 4.3 |
| 2024-09-09 | CVE-2024-7341 | Session Fixation vulnerability in Redhat Keycloak A session fixation issue was discovered in the SAML adapters provided by Keycloak. | 7.1 |
| 2024-08-12 | CVE-2023-38018 | Session Fixation vulnerability in IBM Aspera Shares 1.10.0 IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 5.4 |