Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2019-15612 | Session Fixation vulnerability in Nextcloud Server A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | 5.9 |
| 2020-01-09 | CVE-2020-5205 | Session Fixation vulnerability in Powauth POW In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. | 5.4 |
| 2020-01-02 | CVE-2019-10158 | Session Fixation vulnerability in multiple products A flaw was found in Infinispan through version 9.4.14.Final. | 9.8 |
| 2019-12-23 | CVE-2019-17563 | Session Fixation vulnerability in multiple products When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. | 7.5 |
| 2019-12-18 | CVE-2019-18573 | Session Fixation vulnerability in Dell RSA Identity Governance and Lifecycle The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. | 8.8 |
| 2019-11-05 | CVE-2019-8116 | Session Fixation vulnerability in Magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.5 |
| 2019-11-05 | CVE-2010-3671 | Session Fixation vulnerability in Typo3 TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | 6.5 |
| 2019-11-05 | CVE-2019-17062 | Session Fixation vulnerability in Oxid-Esales Eshop An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. | 8.8 |
| 2019-10-24 | CVE-2019-18418 | Session Fixation vulnerability in Clonos 19.09 clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. | 9.8 |
| 2019-10-17 | CVE-2019-15849 | Session Fixation vulnerability in Eq-3 Homematic Ccu3 Firmware 3.14.11 eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. | 7.3 |