Vulnerabilities > Session Fixation

DATE | CVE | VULNERABILITY TITLE | RISK

2020-11-06 | CVE-2020-5645 | Session Fixation vulnerability in Mitsubishielectric Coreos 05.65.00.Bd | 7.5
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
network, low complexity, mitsubishielectric, CWE-384

2020-11-02 | CVE-2020-5654 | Session Fixation vulnerability in Mitsubishielectric products | 7.5
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
network, low complexity, mitsubishielectric, CWE-384

2020-10-29 | CVE-2019-4563 | Session Fixation vulnerability in IBM Security Directory Server 6.4.0.0 | 5.3
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies.
network, low complexity, ibm, CWE-384

2020-10-19 | CVE-2020-15909 | Session Fixation vulnerability in Solarwinds N-Central | 8.8
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access.
network, low complexity, solarwinds, CWE-384

2020-08-05 | CVE-2020-4243 | Session Fixation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 | 3.7
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens.
network, high complexity, ibm, CWE-384

2020-07-20 | CVE-2020-4527 | Session Fixation vulnerability in IBM Planning Analytics 2.0 | 5.9
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode.
network, high complexity, ibm, CWE-384

2020-07-14 | CVE-2020-6290 | Session Fixation vulnerability in SAP Disclosure Management 10.1 | 6.3
SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.
network, low complexity, sap, CWE-384

2020-07-13 | CVE-2019-4591 | Session Fixation vulnerability in IBM Maximo Asset Management | 7.8
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system.
local, low complexity, ibm, CWE-384

2020-07-07 | CVE-2020-5596 | Session Fixation vulnerability in Mitsubishielectric Coreos 05.65.00.Bd/Y | 7.5
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
network, low complexity, mitsubishielectric, CWE-384

2020-06-24 | CVE-2020-15018 | Session Fixation vulnerability in Playsms | 6.5
playSMS through 1.4.3 is vulnerable to session fixation.
network, low complexity, playsms, CWE-384