Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-01 | CVE-2019-5523 | Session Fixation vulnerability in VMWare Vcloud Director 9.5.0.0/9.5.0.1/9.5.0.2: VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. | 9.8 |
2019-03-29 | CVE-2017-18105 | Session Fixation vulnerability in Atlassian Crowd: The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability. | 8.1 |
2019-03-26 | CVE-2019-9744 | Session Fixation vulnerability in Phoenixcontact products: An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. | 8.8 |
2019-03-07 | CVE-2019-3784 | Session Fixation vulnerability in Cloudfoundry Stratos: Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. | 6.5 |
2019-02-21 | CVE-2018-1948 | Session Fixation vulnerability in IBM Security Identity Governance and Intelligence: IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2019-02-18 | CVE-2019-0102 | Session Fixation vulnerability in Intel Data Center Manager: Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 8.8 |
2019-02-13 | CVE-2018-20238 | Session Fixation vulnerability in Atlassian Crowd: Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. | 8.1 |
2019-02-11 | CVE-2019-7747 | Session Fixation vulnerability in Dbninja 3.2.7: DbNinja 3.2.7 allows session fixation via the data.php sessid parameter. | 9.6 |
2019-02-06 | CVE-2019-1003019 | Session Fixation vulnerability in Jenkins Github Oauth: A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 5.9 |
2019-02-04 | CVE-2018-1962 | Session Fixation vulnerability in IBM Security Identity Manager: IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. | 3.3 |