Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2023-47798 Session Fixation vulnerability in Liferay Digital Experience Platform and Liferay Portal
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions, does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
network
low complexity
liferay CWE-384
4.6
2024-01-21 CVE-2023-52353 Session Fixation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS through 3.5.1.
network
low complexity
arm CWE-384
7.5
2024-01-19 CVE-2024-23679 Session Fixation vulnerability in Enonic XP
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue.
network
low complexity
enonic CWE-384
critical
9.8
2024-01-12 CVE-2023-50920 Session Fixation vulnerability in Gl-Inet products
An issue was discovered on GL.iNet devices before version 4.5.0.
local
low complexity
gl-inet CWE-384
5.5
2023-12-08 CVE-2023-48929 Session Fixation vulnerability in Franklin-Electric System Sentinel Anyware 1.6.24.492
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation.
network
low complexity
franklin-electric CWE-384
critical
9.8
2023-11-07 CVE-2023-5309 Session Fixation vulnerability in Puppet Enterprise
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
network
low complexity
puppet CWE-384
critical
9.8
2023-10-26 CVE-2023-0897 Session Fixation vulnerability in Sielco products
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
network
low complexity
sielco CWE-384
critical
9.8
2023-10-16 CVE-2023-45687 Session Fixation vulnerability in Southrivertech Titan MFT Server and Titan Sftp Server
A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizing a session id of their choosing.
network
low complexity
southrivertech CWE-384
8.8
2023-09-20 CVE-2023-42322 Session Fixation vulnerability in Icmsdev Icms 7.0.16
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
network
low complexity
icmsdev CWE-384
critical
9.8
2023-09-12 CVE-2023-3711 Session Fixation vulnerability in Honeywell Pm43 Firmware
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g.
network
low complexity
honeywell CWE-384
8.8