Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-14 | CVE-2017-1152 | Session Fixation vulnerability in IBM Financial Transaction Manager 3.0.1.0/3.0.2.0 IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. | 4.3 |
| 2017-03-30 | CVE-2017-6412 | Session Fixation vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | 8.1 |
| 2017-03-28 | CVE-2016-9125 | Session Fixation vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. | 9.8 |
| 2017-03-03 | CVE-2017-5831 | Session Fixation vulnerability in Revive-Adserver Revive Adserver Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | 5.9 |
| 2017-03-03 | CVE-2016-10205 | Session Fixation vulnerability in Zoneminder Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | 7.3 |
| 2017-02-13 | CVE-2017-5141 | Session Fixation vulnerability in Honeywell XL web II Controller Xlwebexe10208/Xlwebexe20100 An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. | 6.0 |
| 2017-02-01 | CVE-2016-9703 | Session Fixation vulnerability in IBM Security Identity Manager Virtual Appliance IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | 2.4 |
| 2017-02-01 | CVE-2016-6043 | Session Fixation vulnerability in IBM Tivoli Storage Manager Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | 7.0 |
| 2017-02-01 | CVE-2016-6040 | Session Fixation vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | 5.0 |
| 2017-01-10 | CVE-2015-4594 | Session Fixation vulnerability in Eclinicalworks Population Health eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. | 9.8 |