Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-11 | CVE-2018-1127 | Session Fixation vulnerability in Redhat Gluster Storage Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. | 8.1 |
| 2018-08-06 | CVE-2017-1368 | Session Fixation vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. | 6.5 |
| 2018-07-24 | CVE-2018-5385 | Session Fixation vulnerability in Navarino Infinity 2.2 Navarino Infinity is prone to session fixation attacks. | 8.8 |
| 2018-07-19 | CVE-2016-9574 | Session Fixation vulnerability in Mozilla Network Security Services nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. | 5.9 |
| 2018-07-18 | CVE-2018-14387 | Session Fixation vulnerability in Wondercms An issue was discovered in WonderCMS before 2.5.2. | 8.8 |
| 2018-07-13 | CVE-2016-6545 | Session Fixation vulnerability in Ieasytec Itrackeasy Session cookies are not used for maintaining valid sessions in iTrack Easy. | 9.8 |
| 2018-07-10 | CVE-2018-1492 | Session Fixation vulnerability in IBM products IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. | 6.8 |
| 2018-06-26 | CVE-2018-1000602 | Session Fixation vulnerability in Jenkins Saml A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. | 5.9 |
| 2018-06-26 | CVE-2018-1000519 | Session Fixation vulnerability in Aio-Libs Project Aiohttp aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. | 6.5 |
| 2018-06-22 | CVE-2018-12538 | Session Fixation vulnerability in multiple products In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 8.8 |