Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-27 | CVE-2021-38869 | Session Fixation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. | 9.8 |
| 2022-04-06 | CVE-2022-26591 | Session Fixation vulnerability in Fantec Mwid25-Ds Firmware 2.000.030 FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. | 7.5 |
| 2022-02-02 | CVE-2021-39066 | Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | 8.8 |
| 2022-01-21 | CVE-2022-22551 | Session Fixation vulnerability in Dell EMC Appsync 3.9.0.0/4.2.0.0/4.3.0.0 DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. | 8.8 |
| 2021-12-30 | CVE-2021-20151 | Session Fixation vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. | 10.0 |
| 2021-12-10 | CVE-2021-31745 | Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15 Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. | 7.5 |
| 2021-11-08 | CVE-2021-42073 | Session Fixation vulnerability in Barrier Project Barrier An issue was discovered in Barrier before 2.4.0. | 8.2 |
| 2021-10-05 | CVE-2021-41553 | Session Fixation vulnerability in Archibus web Central 21.3.3.815 In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. | 9.8 |
| 2021-09-07 | CVE-2021-35948 | Session Fixation vulnerability in Owncloud Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. | 5.4 |
| 2021-08-25 | CVE-2021-22237 | Session Fixation vulnerability in Gitlab Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. | 4.9 |