Vulnerabilities > Session Fixation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-10-24 | CVE-2019-18418 | Session Fixation vulnerability in Clonos 19.09 | clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management. | network | low | clonos | CWE-384 | 7.5 |
| 2019-10-17 | CVE-2019-15849 | Session Fixation vulnerability in Eq-3 Homematic Ccu3 Firmware 3.14.11 | eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. | network | | eq-3 | CWE-384 | 4.9 |
| 2019-10-09 | CVE-2019-0062 | Session Fixation vulnerability in Juniper Junos | A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. | network | | juniper | CWE-384 | 6.8 |
| 2019-10-04 | CVE-2019-4227 | Session Fixation vulnerability in IBM MQ | IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. | network | low | ibm | CWE-384 | 7.3 |
| 2019-09-30 | CVE-2019-4304 | Session Fixation vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. | network | low | ibm | CWE-384 | 6.3 |
| 2019-09-26 | CVE-2019-6161 | Session Fixation vulnerability in Lenovo CP Storage Block Firmware | An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. | network | low | lenovo | CWE-384 | 5.0 |
| 2019-09-25 | CVE-2019-12203 | Session Fixation vulnerability in Silverstripe | SilverStripe through 4.3.3 allows session fixation in the "change password" form. | local | high | silverstripe | CWE-384 | 3.7 |
| 2019-09-06 | CVE-2019-13517 | Session Fixation vulnerability in BD Pyxis Enterprise Server and Pyxis ES | In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. | network | low | bd | CWE-384 | 6.5 |
| 2019-08-09 | CVE-2019-12258 | Session Fixation vulnerability in multiple products | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. | network | low | windriver, sonicwall, siemens, netapp, belden | CWE-384 | 5.0 |
| 2019-08-09 | CVE-2019-5406 | Session Fixation vulnerability in HP 3Par Storeserv Management Console 3.3.1/3.5 | A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | network | low | hp | CWE-384 | 9.0 (critical) |