Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-29 | CVE-2018-1375 | Session Fixation vulnerability in IBM Security Guardium BIG Data Intelligence 3.1 IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. | 5.0 |
| 2018-05-25 | CVE-2018-11475 | Session Fixation vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. | 6.0 |
| 2018-05-25 | CVE-2018-11474 | Session Fixation vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. | 6.0 |
| 2018-05-18 | CVE-2018-1148 | Session Fixation vulnerability in Tenable Nessus In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. | 4.0 |
| 2018-05-15 | CVE-2018-10591 | Session Fixation vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | 2.6 |
| 2018-05-14 | CVE-2018-10252 | Session Fixation vulnerability in Actiontec Wcb6200Q Firmware An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. | 6.8 |
| 2018-05-08 | CVE-2018-1000173 | Session Fixation vulnerability in Jenkins Google Login A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 4.3 |
| 2018-05-01 | CVE-2013-2049 | Session Fixation vulnerability in Redhat Cloudforms Management Engine 2.0 Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | 5.0 |
| 2018-04-20 | CVE-2018-0564 | Session Fixation vulnerability in Lockon Ec-Cube Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors. | 5.8 |
| 2018-04-19 | CVE-2018-0229 | Session Fixation vulnerability in Cisco products A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. | 6.5 |