Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2019-12203 Session Fixation vulnerability in Silverstripe
SilverStripe through 4.3.3 allows session fixation in the "change password" form.
high complexity
silverstripe CWE-384
6.3
2019-09-06 CVE-2019-13517 Session Fixation vulnerability in BD Pyxis Enterprise Server and Pyxis ES
In Pyxis ES versions 1.3.4 through 1.6.1 and Pyxis Enterprise Server with Windows Server versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on Active Directory user account changes when the device is joined to an AD domain.
network
low complexity
bd CWE-384
8.8
2019-08-09 CVE-2019-12258 Session Fixation vulnerability in multiple products
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component.
network
low complexity
windriver sonicwall siemens netapp belden CWE-384
7.5
2019-08-09 CVE-2019-5406 Session Fixation vulnerability in HP 3Par Storeserv Management Console 3.3.1/3.5
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
network
low complexity
hp CWE-384
7.2
2019-08-09 CVE-2019-5400 Session Fixation vulnerability in HP 3Par Service Processor Firmware
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
network
low complexity
hp CWE-384
6.3
2019-08-07 CVE-2019-10371 Session Fixation vulnerability in Jenkins Gitlab Oauth
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
network
low complexity
jenkins CWE-384
7.5
2019-08-02 CVE-2019-7849 Session Fixation vulnerability in Magento
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules.
network
low complexity
magento CWE-384
7.5
2019-07-25 CVE-2019-4439 Session Fixation vulnerability in IBM Cloud Private 3.1.0/3.1.1/3.1.2
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate the session after logout, which could allow a local user to impersonate another user on the system.
local
low complexity
ibm CWE-384
5.3
2019-07-10 CVE-2019-10120 Session Fixation vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.
network
low complexity
eq-3 CWE-384
8.8
2019-06-25 CVE-2019-4152 Session Fixation vulnerability in IBM Security Access Manager
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner.
local
low complexity
ibm CWE-384
4.4