Vulnerabilities > Session Fixation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-02 | CVE-2021-39066 | Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | 8.8 |
2022-01-21 | CVE-2022-22551 | Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. | 8.8 |
2021-12-30 | CVE-2021-20151 | Session Fixation vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. | 10.0 |
2021-12-10 | CVE-2021-31745 | Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15 Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. | 7.5 |
2021-11-08 | CVE-2021-42073 | Session Fixation vulnerability in Barrier Project Barrier An issue was discovered in Barrier before 2.4.0. | 8.2 |
2021-10-05 | CVE-2021-41553 | Session Fixation vulnerability in Archibus web Central 21.3.3.815 In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. | 9.8 |
2021-09-07 | CVE-2021-35948 | Session Fixation vulnerability in Owncloud Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. | 5.4 |
2021-08-25 | CVE-2021-22237 | Session Fixation vulnerability in Gitlab Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. | 4.9 |
2021-08-23 | CVE-2021-39290 | Session Fixation vulnerability in Netmodule Router Software 4.3.0.0/4.4.0.0 Certain NetModule devices allow Limited Session Fixation via PHPSESSID. | 9.8 |
2021-08-05 | CVE-2021-22927 | Session Fixation vulnerability in Citrix products A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session. | 8.1 |