Vulnerabilities > Session Fixation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-05-18 | CVE-2020-12258 | Session Fixation vulnerability in Rconfig 3.9.4 | rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. | network, low complexity, rconfig, CWE-384 | 6.4 |
| 2020-05-13 | CVE-2020-1993 | Session Fixation vulnerability in Paloaltonetworks Pan-Os | The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. | network, low complexity, paloaltonetworks, CWE-384 | 5.5 |
| 2020-05-07 | CVE-2020-5894 | Session Fixation vulnerability in F5 Nginx Controller | On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. | network, f5, CWE-384 | 5.8 |
| 2020-04-29 | CVE-2020-12467 | Session Fixation vulnerability in Intelliants Subrion 4.2.1 | Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. | network, low complexity, intelliants, CWE-384 | 6.4 |
| 2020-04-27 | CVE-2020-1762 | Session Fixation vulnerability in multiple products | An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration. | network, low complexity, kiali, redhat, CWE-384 | 8.6 |
| 2020-04-24 | CVE-2020-6824 | Session Fixation vulnerability in Mozilla Firefox | Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. | | 1.9 |
| 2020-04-15 | CVE-2020-11729 | Session Fixation vulnerability in multiple products | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. | network, low complexity, davical, debian, CWE-384 | 7.5 |
| 2020-04-15 | CVE-2020-11728 | Session Fixation vulnerability in multiple products | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. | network, low complexity, davical, debian, CWE-384 | 5.0 |
| 2020-04-08 | CVE-2020-8826 | Session Fixation vulnerability in Linuxfoundation Argo Continuous Delivery | As of v1.5.0, the Argo web interface authentication system issued immutable tokens. | network, low complexity, linuxfoundation, CWE-384 | 5.0 |
| 2020-04-08 | CVE-2020-4291 | Session Fixation vulnerability in IBM Security Information Queue | IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. | network, ibm, CWE-384 | 4.3 |