Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-27305 Session Fixation vulnerability in Gibbonedu Gibbon
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
network
low complexity
gibbonedu CWE-384
8.8
2022-05-24 CVE-2022-1849 Session Fixation vulnerability in Filegator
Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.
network
low complexity
filegator CWE-384
5.4
2022-04-27 CVE-2021-38869 Session Fixation vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout.
network
low complexity
ibm CWE-384
critical
9.8
2022-04-06 CVE-2022-26591 Session Fixation vulnerability in Fantec Mwid25-Ds Firmware 2.000.030
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.
network
low complexity
fantec CWE-384
7.5
2022-02-02 CVE-2021-39066 Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
network
low complexity
ibm CWE-384
8.8
2022-01-21 CVE-2022-22551 Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings.
low complexity
dell CWE-384
8.8
2021-12-30 CVE-2021-20151 Session Fixation vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device.
network
low complexity
trendnet CWE-384
critical
10.0
2021-12-10 CVE-2021-31745 Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform.
network
low complexity
pluck-cms CWE-384
7.5
2021-11-08 CVE-2021-42073 Session Fixation vulnerability in Barrier Project Barrier
An issue was discovered in Barrier before 2.4.0.
network
low complexity
barrier-project CWE-384
8.2
2021-10-05 CVE-2021-41553 Session Fixation vulnerability in Archibus web Central 21.3.3.815
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user.
network
low complexity
archibus CWE-384
critical
9.8