Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-14 | CVE-2022-43687 | Session Fixation vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. | 5.4 |
| 2022-11-09 | CVE-2022-31689 | Session Fixation vulnerability in VMWare Workspace ONE Assist VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. | 9.8 |
| 2022-11-08 | CVE-2022-43398 | Session Fixation vulnerability in Siemens products A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). | 8.8 |
| 2022-10-31 | CVE-2022-40293 | Session Fixation vulnerability in PHPpointofsale PHP Point of Sale 19.0 The application was vulnerable to a session fixation that could be used hijack accounts. | 9.8 |
| 2022-10-24 | CVE-2021-46279 | Session Fixation vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. | 8.8 |
| 2022-10-11 | CVE-2022-40226 | Session Fixation vulnerability in Siemens products A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). | 8.1 |
| 2022-10-10 | CVE-2022-34334 | Session Fixation vulnerability in IBM Sterling Partner Engagement Manager 2.0/6.1 IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.5 |
| 2022-09-23 | CVE-2022-40630 | Session Fixation vulnerability in Tacitine products This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the Tacitine Firewall web-based management interface. | 9.8 |
| 2022-08-25 | CVE-2022-31798 | Session Fixation vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. | 6.1 |
| 2022-08-15 | CVE-2022-2820 | Session Fixation vulnerability in Namelessmc Nameless Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2. | 8.2 |