Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2023-04-05 CVE-2022-31888 Session Fixation vulnerability in Enhancesoft Osticket
Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2.
network
low complexity
enhancesoft CWE-384
8.8
2023-02-16 CVE-2021-42761 Session Fixation vulnerability in Fortinet Fortiweb
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.
network
low complexity
fortinet CWE-384
critical
9.8
2023-01-26 CVE-2023-24424 Session Fixation vulnerability in Jenkins Openid Connect Authentication
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
8.8
2023-01-26 CVE-2023-24427 Session Fixation vulnerability in Jenkins Bitbucket Oauth
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
critical
9.8
2023-01-26 CVE-2023-24456 Session Fixation vulnerability in Jenkins Keycloak Authentication 2.3.0
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
critical
9.8
2023-01-20 CVE-2021-29368 Session Fixation vulnerability in Cuppacms
Session fixation vulnerability in CuppaCMS through commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.
network
low complexity
cuppacms CWE-384
8.8
2023-01-06 CVE-2014-125048 Session Fixation vulnerability in Kluks Xingwall
A vulnerability, which was classified as critical, has been found in kassi xingwall.
network
low complexity
kluks CWE-384
5.4
2023-01-05 CVE-2022-43529 Session Fixation vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to persist a session after a password reset or similar session clearing event.
network
low complexity
arubanetworks CWE-384
5.4
2022-12-29 CVE-2022-36437 Session Fixation vulnerability in Hazelcast Hazelcast-Jet
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection.
network
low complexity
hazelcast CWE-384
critical
9.1
2022-12-25 CVE-2022-44017 Session Fixation vulnerability in Simmeth Lieferantenmanager
An issue was discovered in Simmeth Lieferantenmanager before 5.6.
network
low complexity
simmeth CWE-384
7.5