Vulnerabilities > Session Fixation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-09-30 | CVE-2019-4304 | Session Fixation vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. | network; low complexity; ibm; CWE-384; 6.3 |
| 2019-09-26 | CVE-2019-6161 | Session Fixation vulnerability in Lenovo CP Storage Block Firmware | An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. | network; low complexity; lenovo; CWE-384; 7.5 |
| 2019-09-25 | CVE-2019-12203 | Session Fixation vulnerability in SilverStripe | SilverStripe through 4.3.3 allows session fixation in the "change password" form. | high complexity; silverstripe; CWE-384; 6.3 |
| 2019-09-06 | CVE-2019-13517 | Session Fixation vulnerability in BD Pyxis Enterprise Server and Pyxis ES | In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain. | network; low complexity; bd; CWE-384; 8.8 |
| 2019-08-09 | CVE-2019-12258 | Session Fixation vulnerability in multiple products | Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. | network; low complexity; windriver sonicwall siemens netapp belden; CWE-384; 7.5 |
| 2019-08-09 | CVE-2019-5406 | Session Fixation vulnerability in HP 3PAR StoreServ Management Console 3.3.1/3.5 | A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | network; low complexity; hp; CWE-384; 7.2 |
| 2019-08-09 | CVE-2019-5400 | Session Fixation vulnerability in HP 3PAR Service Processor Firmware | A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | network; low complexity; hp; CWE-384; 6.3 |
| 2019-08-07 | CVE-2019-10371 | Session Fixation vulnerability in Jenkins GitLab OAuth | A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | network; low complexity; jenkins; CWE-384; 7.5 |
| 2019-08-02 | CVE-2019-7849 | Session Fixation vulnerability in Magento | A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. | network; low complexity; magento; CWE-384; 7.5 |
| 2019-07-25 | CVE-2019-4439 | Session Fixation vulnerability in IBM Cloud Private 3.1.0/3.1.1/3.1.2 | IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 do not invalidate the session after logout, which could allow a local user to impersonate another user on the system. | local; low complexity; ibm; CWE-384; 5.3 |