Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2023-38018 | Session Fixation vulnerability in IBM Aspera Shares 1.10.0 IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 5.4 |
| 2024-04-12 | CVE-2024-0157 | Session Fixation vulnerability in Dell products Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. | 6.5 |
| 2024-03-11 | CVE-2024-28197 | Session Fixation vulnerability in Zitadel Zitadel is an open source identity management system. | 7.5 |
| 2024-02-09 | CVE-2023-45718 | Session Fixation vulnerability in Hcltech Sametime 11.6/12.0 Sametime is impacted by a failure to invalidate sessions. | 7.5 |
| 2024-02-09 | CVE-2024-22318 | Session Fixation vulnerability in IBM I Access Client Solutions IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. | 5.5 |
| 2024-02-08 | CVE-2023-47798 | Session Fixation vulnerability in Liferay Digital Experience Platform and Liferay Portal Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. | 4.6 |
| 2024-01-21 | CVE-2023-52353 | Session Fixation vulnerability in ARM Mbed TLS An issue was discovered in Mbed TLS through 3.5.1. | 7.5 |
| 2024-01-19 | CVE-2024-23679 | Session Fixation vulnerability in Enonic XP Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. | 9.8 |
| 2024-01-12 | CVE-2023-50920 | Session Fixation vulnerability in Gl-Inet products An issue was discovered on GL.iNet devices before version 4.5.0. | 5.5 |
| 2023-12-08 | CVE-2023-48929 | Session Fixation vulnerability in Franklin-Electric System Sentinel Anyware 1.6.24.492 Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. | 9.8 |