Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2013-0507 Session Fixation vulnerability in IBM InfoSphere Information Server
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability.
network
ibm CWE-384
5.8
2020-02-04 CVE-2019-15612 Session Fixation vulnerability in Nextcloud Server
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
local
low complexity
nextcloud CWE-384
3.2
2020-01-09 CVE-2020-5205 Session Fixation vulnerability in Powauth POW
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database.
network
low complexity
powauth CWE-384
5.5
2020-01-02 CVE-2019-10158 Session Fixation vulnerability in multiple products
A flaw was found in Infinispan through version 9.4.14.Final.
network
low complexity
infinispan redhat CWE-384
critical
9.8
2019-12-23 CVE-2019-17563 Session Fixation vulnerability in multiple products
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack.
network
high complexity
apache debian opensuse canonical oracle CWE-384
7.5
2019-12-18 CVE-2019-18573 Session Fixation vulnerability in Dell RSA Identity Governance and Lifecycle
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability.
network
dell CWE-384
6.8
2019-11-14 CVE-2019-11173 Session Fixation vulnerability in Intel Baseboard Management Controller Firmware
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.
local
low complexity
intel CWE-384
3.6
2019-11-05 CVE-2019-8116 Session Fixation vulnerability in Magento
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-384
5.0
2019-11-05 CVE-2010-3671 Session Fixation vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
network
low complexity
typo3 CWE-384
critical
9.4
2019-11-05 CVE-2019-17062 Session Fixation vulnerability in Oxid-Esales Eshop
An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x.
6.8