Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-06 | CVE-2018-5465 | Session Fixation vulnerability in Belden products A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. | 8.8 |
| 2017-12-20 | CVE-2017-1270 | Session Fixation vulnerability in IBM Security Guardium IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 3.3 |
| 2017-12-19 | CVE-2017-11562 | Session Fixation vulnerability in MT4 Senhasegura 2.2.23.8 A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. | 8.8 |
| 2017-11-17 | CVE-2017-10890 | Session Fixation vulnerability in Sharp products Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors. | 4.6 |
| 2017-11-03 | CVE-2017-1000150 | Session Fixation vulnerability in Mahara Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. | 8.8 |
| 2017-10-31 | CVE-2017-14163 | Session Fixation vulnerability in Mahara An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. | 8.8 |
| 2017-10-15 | CVE-2017-15304 | Session Fixation vulnerability in Airtame Hdmi Dongle Firmware 2.3.3 /bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. | 9.8 |
| 2017-09-28 | CVE-2017-11191 | Session Fixation vulnerability in Freeipa FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. | 8.8 |
| 2017-09-11 | CVE-2017-14263 | Session Fixation vulnerability in Honeywell products Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. | 8.1 |
| 2017-09-07 | CVE-2017-12225 | Session Fixation vulnerability in Cisco Prime LAN Management Solution 4.2(5) A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. | 6.5 |