Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-6290 | Session Fixation vulnerability in SAP Disclosure Management 10.1: SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | 6.3 |
2020-07-13 | CVE-2019-4591 | Session Fixation vulnerability in IBM Maximo Asset Management: IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 7.8 |
2020-07-07 | CVE-2020-5596 | Session Fixation vulnerability in Mitsubishi Electric CoreOS 05.65.00.Bd/Y: TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | 7.5 |
2020-06-24 | CVE-2020-15018 | Session Fixation vulnerability in playSMS: playSMS through 1.4.3 is vulnerable to session fixation. | 6.5 |
2020-06-05 | CVE-2020-4229 | Session Fixation vulnerability in IBM Mobile Foundation 8.0.0.0: IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. | 7.3 |
2020-06-02 | CVE-2020-13229 | Session Fixation vulnerability in Sysax Multi Server 6.90: An issue was discovered in Sysax Multi Server 6.90. | 8.8 |
2020-05-19 | CVE-2020-8434 | Session Fixation vulnerability in Jenzabar Internet Campus Solution: Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. | 9.8 |
2020-05-18 | CVE-2020-12258 | Session Fixation vulnerability in rConfig 3.9.4: rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. | 9.1 |
2020-05-13 | CVE-2020-1993 | Session Fixation vulnerability in Palo Alto Networks PAN-OS: The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. | 5.4 |
2020-05-07 | CVE-2020-5894 | Session Fixation vulnerability in F5 NGINX Controller 3.0.0/3.1.0/3.2.0: On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. | 8.1 |