Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-09 | CVE-2019-5400 | Session Fixation vulnerability in HP 3Par Service Processor Firmware A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | 6.5 |
| 2019-08-07 | CVE-2019-10371 | Session Fixation vulnerability in Jenkins Gitlab Oauth A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 7.5 |
| 2019-08-02 | CVE-2019-7849 | Session Fixation vulnerability in Magento A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. | 5.0 |
| 2019-07-25 | CVE-2019-4439 | Session Fixation vulnerability in IBM Cloud Private 3.1.0/3.1.1/3.1.2 IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 5.3 |
| 2019-07-10 | CVE-2019-10120 | Session Fixation vulnerability in Eq-3 Ccu2 Firmware and Ccu3 Firmware On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154. | 6.5 |
| 2019-06-25 | CVE-2019-4152 | Session Fixation vulnerability in IBM Security Access Manager IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. | 4.4 |
| 2019-05-31 | CVE-2019-10045 | Session Fixation vulnerability in Pydio The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. | 6.4 |
| 2019-05-03 | CVE-2019-1807 | Session Fixation vulnerability in Cisco Umbrella A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. | 6.8 |
| 2019-04-30 | CVE-2018-15208 | Session Fixation vulnerability in Bpcbt Smartvista 2 BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. | 5.1 |
| 2019-04-24 | CVE-2019-10008 | Session Fixation vulnerability in Zohocorp Servicedesk Plus 9.3 Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab. | 6.5 |