Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-06 | CVE-2024-10318 | Session Fixation vulnerability in F5 products A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. | 5.4 |
| 2024-10-22 | CVE-2024-48929 | Session Fixation vulnerability in Umbraco CMS Umbraco is a free and open source .NET content management system. | 4.2 |
| 2024-10-19 | CVE-2024-10158 | Session Fixation vulnerability in PHPgurukul Boat Booking System 1.0 A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. | 8.8 |
| 2024-09-27 | CVE-2024-8643 | Session Fixation vulnerability in Oceanicsoft Valeapp Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0. | 9.8 |
| 2024-09-10 | CVE-2024-42345 | Session Fixation vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). | 4.3 |
| 2024-09-09 | CVE-2024-7341 | Session Fixation vulnerability in Redhat Keycloak A session fixation issue was discovered in the SAML adapters provided by Keycloak. | 7.1 |
| 2024-08-12 | CVE-2023-38018 | Session Fixation vulnerability in IBM Aspera Shares 1.10.0 IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 5.4 |
| 2024-02-09 | CVE-2023-45718 | Session Fixation vulnerability in Hcltech Sametime 11.6/12.0 Sametime is impacted by a failure to invalidate sessions. | 7.5 |
| 2024-02-09 | CVE-2024-22318 | Session Fixation vulnerability in IBM I Access Client Solutions IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. | 5.5 |
| 2024-02-08 | CVE-2023-47798 | Session Fixation vulnerability in Liferay Digital Experience Platform and Liferay Portal Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. | 4.6 |