Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2019-02-13 CVE-2018-20238 Session Fixation vulnerability in Atlassian Crowd
Various REST resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
network
low complexity
atlassian CWE-384
5.5
2019-02-11 CVE-2019-7747 Session Fixation vulnerability in Dbninja 3.2.7
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.
network
dbninja CWE-384
6.8
2019-02-06 CVE-2019-1003019 Session Fixation vulnerability in Jenkins Github Oauth
A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
network
high complexity
jenkins CWE-384
5.9
2019-02-04 CVE-2018-1962 Session Fixation vulnerability in IBM Security Identity Manager
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed.
local
low complexity
ibm CWE-384
2.1
2019-02-04 CVE-2019-7350 Session Fixation vulnerability in Zoneminder
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account.
4.9
2019-01-30 CVE-2018-17199 Session Fixation vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session.
network
low complexity
apache debian netapp canonical oracle CWE-384
7.5
2019-01-09 CVE-2018-1000409 Session Fixation vulnerability in Jenkins
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account.
network
jenkins CWE-384
5.8
2018-12-13 CVE-2018-1804 Session Fixation vulnerability in IBM Security Access Manager
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-384
4.3
2018-12-12 CVE-2018-1485 Session Fixation vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability.
network
low complexity
ibm CWE-384
4.0
2018-12-12 CVE-2018-1484 Session Fixation vulnerability in IBM Bigfix Platform
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies.
network
ibm CWE-384
4.3