Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2020-10714 Session Fixation vulnerability in multiple products
A flaw was found in WildFly Elytron version 1.11.3.Final and before.
network
high complexity
redhat netapp CWE-384
7.5
2020-08-05 CVE-2020-4243 Session Fixation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens.
network
ibm CWE-384
4.3
2020-07-20 CVE-2020-4527 Session Fixation vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode.
network
ibm CWE-384
4.3
2020-07-14 CVE-2020-6290 Session Fixation vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.
network
sap CWE-384
6.8
2020-07-13 CVE-2019-4591 Session Fixation vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate the session after logout, which could allow a local user to impersonate another user on the system.
4.6
2020-07-07 CVE-2020-5596 Session Fixation vulnerability in Mitsubishielectric Coreos Y
The TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-384
5.0
2020-06-24 CVE-2020-15018 Session Fixation vulnerability in Playsms
playSMS through 1.4.3 is vulnerable to session fixation.
network
low complexity
playsms CWE-384
6.4
2020-06-05 CVE-2020-4229 Session Fixation vulnerability in IBM Mobile Foundation 8.0.0.0
IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session.
network
low complexity
ibm CWE-384
7.5
2020-06-02 CVE-2020-13229 Session Fixation vulnerability in Sysax Multi Server 6.90
An issue was discovered in Sysax Multi Server 6.90.
network
sysax CWE-384
6.8
2020-05-19 CVE-2020-8434 Session Fixation vulnerability in Jenzabar Internet Campus Solution
Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username.
network
low complexity
jenzabar CWE-384
critical
9.8