Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2022-02-02 CVE-2021-39066 Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4
IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
network
low complexity
ibm CWE-384
8.8
2022-01-21 CVE-2022-22551 Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings.
low complexity
dell CWE-384
8.8
2021-12-30 CVE-2021-20151 Session Fixation vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device.
network
low complexity
trendnet CWE-384
critical
10.0
2021-12-10 CVE-2021-31745 Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15
Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform.
network
low complexity
pluck-cms CWE-384
7.5
2021-11-08 CVE-2021-42073 Session Fixation vulnerability in Barrier Project Barrier
An issue was discovered in Barrier before 2.4.0.
network
low complexity
barrier-project CWE-384
8.2
2021-10-05 CVE-2021-41553 Session Fixation vulnerability in Archibus web Central 21.3.3.815
In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user.
network
low complexity
archibus CWE-384
critical
9.8
2021-09-07 CVE-2021-35948 Session Fixation vulnerability in Owncloud
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
network
low complexity
owncloud CWE-384
5.4
2021-08-25 CVE-2021-22237 Session Fixation vulnerability in Gitlab
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.
network
low complexity
gitlab CWE-384
4.9
2021-08-23 CVE-2021-39290 Session Fixation vulnerability in Netmodule Router Software 4.3.0.0/4.4.0.0
Certain NetModule devices allow Limited Session Fixation via PHPSESSID.
network
low complexity
netmodule CWE-384
critical
9.8
2021-08-05 CVE-2021-22927 Session Fixation vulnerability in Citrix products
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
network
low complexity
citrix CWE-384
8.1