Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-04-03 | CVE-2015-5384 | Session Fixation vulnerability in Axiomsl Axiom 9.5.3 | AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack. | 8.8 |
2019-04-02 | CVE-2018-1626 | Session Fixation vulnerability in IBM Security Privileged Identity Manager 2.1.1 | IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 4.3 |
2019-04-01 | CVE-2019-5523 | Session Fixation vulnerability in VMWare Vcloud Director 9.5.0.0/9.5.0.1/9.5.0.2 | VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. | 9.8 |
2019-03-29 | CVE-2017-18105 | Session Fixation vulnerability in Atlassian Crowd | The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability. | 8.1 |
2019-03-26 | CVE-2019-9744 | Session Fixation vulnerability in Phoenixcontact products | An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. | 8.8 |
2019-03-07 | CVE-2019-3784 | Session Fixation vulnerability in Cloudfoundry Stratos | Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. | 6.5 |
2019-02-21 | CVE-2018-1948 | Session Fixation vulnerability in IBM Security Identity Governance and Intelligence | IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2019-02-18 | CVE-2019-0102 | Session Fixation vulnerability in Intel Data Center Manager | Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2019-02-13 | CVE-2018-20238 | Session Fixation vulnerability in Atlassian Crowd | Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. | 8.1 |
2019-02-11 | CVE-2019-7747 | Session Fixation vulnerability in Dbninja 3.2.7 | DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. | 9.6 |