Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2019-4617 | Session Fixation vulnerability in IBM Cloud Automation Manager 3.2.1.0 IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.4 |
| 2020-03-16 | CVE-2020-5543 | Session Fixation vulnerability in Mitsubishielectric Iu1-1M20-D Firmware 1.0.7 TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet. | 9.8 |
| 2020-03-05 | CVE-2020-9370 | Session Fixation vulnerability in Humaxdigital Hga12R-02 Firmware 1.1.53 HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. | 9.1 |
| 2020-02-20 | CVE-2020-8990 | Session Fixation vulnerability in Western Digital IBI and MY Cloud Home Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation. | 9.1 |
| 2020-02-06 | CVE-2014-10400 | Session Fixation vulnerability in Keplerproject Cgilua The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. | 6.1 |
| 2020-02-06 | CVE-2014-10399 | Session Fixation vulnerability in Keplerproject Cgilua The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. | 6.1 |
| 2020-02-06 | CVE-2013-4572 | Session Fixation vulnerability in multiple products The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | 7.5 |
| 2020-02-05 | CVE-2013-0507 | Session Fixation vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | 8.1 |
| 2020-02-04 | CVE-2019-15612 | Session Fixation vulnerability in Nextcloud Server A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | 5.9 |
| 2020-01-09 | CVE-2020-5205 | Session Fixation vulnerability in Powauth POW In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. | 5.4 |