Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-27305 Session Fixation vulnerability in Gibbonedu Gibbon
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
network
gibbonedu CWE-384
6.8
2022-05-24 CVE-2022-1849 Session Fixation vulnerability in Filegator
Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.
network
low complexity
filegator CWE-384
5.5
2022-04-27 CVE-2021-38869 Session Fixation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout.
network
low complexity
ibm CWE-384
7.5
2022-04-18 CVE-2021-20324 Session Fixation vulnerability in Redhat products
A flaw was found in WildFly Elytron.
network
redhat CWE-384
5.8
2022-04-14 CVE-2020-25152 Session Fixation vulnerability in Bbraun Datamodule Compactplus and Spacecom
A session fixation vulnerability in the B.
network
bbraun CWE-384
5.8
2022-03-24 CVE-2022-24781 Session Fixation vulnerability in Geon Project Geon 1.0.0
Geon is a board game based on solving questions about the Pythagorean Theorem.
network
low complexity
geon-project CWE-384
5.5
2022-03-09 CVE-2022-24745 Session Fixation vulnerability in Shopware
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework.
network
shopware CWE-384
5.8
2022-02-18 CVE-2022-22922 Session Fixation vulnerability in Tp-Link Tl-Wa850Re Firmware
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.
network
low complexity
tp-link CWE-384
7.5
2022-02-02 CVE-2021-39066 Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 does not invalidate any existing session identifier, which gives an attacker the opportunity to steal authenticated sessions.
network
low complexity
ibm CWE-384
6.5
2022-01-21 CVE-2022-22551 Session Fixation vulnerability in Dell EMC Appsync
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings.
low complexity
dell CWE-384
5.8