Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-06-26 | CVE-2018-1000602 | Session Fixation vulnerability in Jenkins Saml | A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 5.9 |
2018-06-26 | CVE-2018-1000519 | Session Fixation vulnerability in Aio-Libs Project Aiohttp | aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. | 6.5 |
2018-06-22 | CVE-2018-12538 | Session Fixation vulnerability in multiple products | In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 8.8 |
2018-06-21 | CVE-2018-0359 | Session Fixation vulnerability in Cisco Meeting Server 2.3.0 | A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. | 5.5 |
2018-06-18 | CVE-2018-9026 | Session Fixation vulnerability in Broadcom Privileged Access Manager | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | 7.5 |
2018-06-17 | CVE-2018-12071 | Session Fixation vulnerability in Codeigniter | A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. | 9.8 |
2018-06-13 | CVE-2017-3968 | Session Fixation vulnerability in Mcafee products | Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | 9.1 |
2018-06-13 | CVE-2018-11385 | Session Fixation vulnerability in multiple products | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. | 8.1 |
2018-06-04 | CVE-2018-11714 | Session Fixation vulnerability in Tp-Link Tl-Wr840N Firmware and Tl-Wr841N Firmware | An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. | 9.8 |
2018-05-31 | CVE-2018-11571 | Session Fixation vulnerability in Clippercms 1.3.3 | ClipperCMS 1.3.3 allows Session Fixation. | 8.8 |