Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-0897 | Session Fixation vulnerability in Sielco products Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. | 9.8 |
| 2023-10-16 | CVE-2023-45687 | Session Fixation vulnerability in Southrivertech Titan MFT Server and Titan Sftp Server A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing | 8.8 |
| 2023-09-20 | CVE-2023-42322 | Session Fixation vulnerability in Icmsdev Icms 7.0.16 Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | 9.8 |
| 2023-09-12 | CVE-2023-3711 | Session Fixation vulnerability in Honeywell Pm43 Firmware Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. | 8.8 |
| 2023-09-05 | CVE-2023-41012 | Session Fixation vulnerability in Chinamobile Intelligent Home Gateway Firmware Hg6543C4 An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism. | 9.8 |
| 2023-08-09 | CVE-2023-24477 | Session Fixation vulnerability in Nozominetworks CMC and Guardian In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. | 7.0 |
| 2023-07-12 | CVE-2023-37946 | Session Fixation vulnerability in Jenkins Openshift Login Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. | 8.8 |
| 2023-06-15 | CVE-2023-28809 | Session Fixation vulnerability in Hikvision products Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. | 7.5 |
| 2023-05-16 | CVE-2023-32997 | Session Fixation vulnerability in Jenkins CAS Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | 8.8 |
| 2023-05-11 | CVE-2023-31498 | Session Fixation vulnerability in PHPgurukul Hospital Management System 4.0 A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. | 9.8 |