Vulnerabilities > Session Fixation

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-07-14 | CVE-2020-6290 | Session Fixation vulnerability in SAP Disclosure Management 10.1 | SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | network | low | sap | CWE-384 | 6.3 |
| 2020-07-13 | CVE-2019-4591 | Session Fixation vulnerability in IBM Maximo Asset Management | IBM Maximo Asset Management 7.6.0 and 7.6.1 do not invalidate the session after logout, which could allow a local user to impersonate another user on the system. | local | low | ibm | CWE-384 | 7.8 |
| 2020-07-07 | CVE-2020-5596 | Session Fixation vulnerability in Mitsubishi Electric CoreOS 05.65.00.Bd/Y | The TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | network | low | mitsubishielectric | CWE-384 | 7.5 |
| 2020-06-24 | CVE-2020-15018 | Session Fixation vulnerability in playSMS | playSMS through 1.4.3 is vulnerable to session fixation. | network | low | playsms | CWE-384 | 6.5 |
| 2020-06-05 | CVE-2020-4229 | Session Fixation vulnerability in IBM Mobile Foundation 8.0.0.0 | IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. | network | low | ibm | CWE-384 | 7.3 |
| 2020-06-02 | CVE-2020-13229 | Session Fixation vulnerability in Sysax Multi Server 6.90 | An issue was discovered in Sysax Multi Server 6.90. | network | low | sysax | CWE-384 | 8.8 |
| 2020-05-19 | CVE-2020-8434 | Session Fixation vulnerability in Jenzabar Internet Campus Solution | Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. | network | low | jenzabar | CWE-384 | 9.8 (critical) |
| 2020-05-18 | CVE-2020-12258 | Session Fixation vulnerability in rConfig 3.9.4 | rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. | network | low | rconfig | CWE-384 | 9.1 (critical) |
| 2020-05-13 | CVE-2020-1993 | Session Fixation vulnerability in Palo Alto Networks PAN-OS | The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. | network | low | paloaltonetworks | CWE-384 | 5.4 |
| 2020-05-07 | CVE-2020-5894 | Session Fixation vulnerability in F5 Nginx Controller | On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. | network | low | f5 | CWE-384 | 8.1 |