Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-8643 Session Fixation vulnerability in Oceanicsoft Valeapp
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0.
network
low complexity
oceanicsoft CWE-384
critical
9.8
2024-09-10 CVE-2024-42345 Session Fixation vulnerability in Siemens Sinema Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).
network
low complexity
siemens CWE-384
4.3
2024-09-09 CVE-2024-7341 Session Fixation vulnerability in Redhat Keycloak
A session fixation issue was discovered in the SAML adapters provided by Keycloak.
network
high complexity
redhat CWE-384
7.1
2024-08-12 CVE-2023-38018 Session Fixation vulnerability in IBM Aspera Shares 1.10.0
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
5.4
2024-02-09 CVE-2023-45718 Session Fixation vulnerability in Hcltech Sametime 11.6/12.0
Sametime is impacted by a failure to invalidate sessions.
network
low complexity
hcltech CWE-384
7.5
2024-02-09 CVE-2024-22318 Session Fixation vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server.
local
low complexity
ibm CWE-384
5.5
2024-02-08 CVE-2023-47798 Session Fixation vulnerability in Liferay Digital Experience Platform and Liferay Portal
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
network
low complexity
liferay CWE-384
4.6
2024-02-07 CVE-2024-24823 Session Fixation vulnerability in Graylog
Graylog is a free and open log management platform.
network
high complexity
graylog CWE-384
4.4
2024-02-02 CVE-2023-50941 Session Fixation vulnerability in IBM Powersc 1.3/2.0/2.1
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation.
network
low complexity
ibm CWE-384
5.4
2024-01-21 CVE-2023-52353 Session Fixation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS through 3.5.1.
network
low complexity
arm CWE-384
7.5