Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-25 | CVE-2022-27305 | Session Fixation vulnerability in Gibbonedu Gibbon Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. | 6.8 |
| 2022-05-24 | CVE-2022-1849 | Session Fixation vulnerability in Filegator Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. | 5.5 |
| 2022-04-27 | CVE-2021-38869 | Session Fixation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. | 7.5 |
| 2022-04-18 | CVE-2021-20324 | Session Fixation vulnerability in Redhat products A flaw was found in WildFly Elytron. | 5.8 |
| 2022-04-14 | CVE-2020-25152 | Session Fixation vulnerability in Bbraun Datamodule Compactplus and Spacecom A session fixation vulnerability in the B. | 5.8 |
| 2022-03-24 | CVE-2022-24781 | Session Fixation vulnerability in Geon Project Geon 1.0.0 Geon is a board game based on solving questions about the Pythagorean Theorem. | 5.5 |
| 2022-03-09 | CVE-2022-24745 | Session Fixation vulnerability in Shopware Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. | 5.8 |
| 2022-02-18 | CVE-2022-22922 | Session Fixation vulnerability in Tp-Link Tl-Wa850Re Firmware TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | 7.5 |
| 2022-02-02 | CVE-2021-39066 | Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | 6.5 |
| 2022-01-21 | CVE-2022-22551 | Session Fixation vulnerability in Dell EMC Appsync DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. | 5.8 |