Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-8643 Session Fixation vulnerability in Oceanicsoft Valeapp
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
network
low complexity
oceanicsoft CWE-384
critical
9.8
2024-09-10 CVE-2024-42345 Session Fixation vulnerability in Siemens Sinema Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2).
network
low complexity
siemens CWE-384
4.3
2024-09-09 CVE-2024-7341 Session Fixation vulnerability in Redhat Keycloak
A session fixation issue was discovered in the SAML adapters provided by Keycloak.
network
high complexity
redhat CWE-384
7.1
2024-08-12 CVE-2023-38018 Session Fixation vulnerability in IBM Aspera Shares 1.10.0
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
5.4
2024-05-06 CVE-2024-23193 Session Fixation vulnerability in Open-Xchange OX APP Suite
E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account.
network
high complexity
open-xchange CWE-384
5.3
2024-04-12 CVE-2024-0157 Session Fixation vulnerability in Dell products
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent.
low complexity
dell CWE-384
6.5
2024-03-11 CVE-2024-28197 Session Fixation vulnerability in Zitadel
Zitadel is an open source identity management system.
high complexity
zitadel CWE-384
7.5
2024-02-09 CVE-2023-45718 Session Fixation vulnerability in Hcltech Sametime 11.6/12.0
Sametime is impacted by a failure to invalidate sessions.
network
low complexity
hcltech CWE-384
7.5
2024-02-09 CVE-2024-22318 Session Fixation vulnerability in IBM I Access Client Solutions
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server.
local
low complexity
ibm CWE-384
5.5
2024-02-08 CVE-2023-47798 Session Fixation vulnerability in Liferay Digital Experience Platform and Liferay Portal
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
network
low complexity
liferay CWE-384
4.6