Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-02 | CVE-2021-39066 | Session Fixation vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. | 6.5 |
| 2022-01-21 | CVE-2022-22551 | Session Fixation vulnerability in Dell EMC Appsync DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. | 5.8 |
| 2021-12-30 | CVE-2021-20151 | Session Fixation vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. | 7.5 |
| 2021-12-10 | CVE-2021-31745 | Session Fixation vulnerability in Pluck-Cms Pluck 4.7.15 Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. | 5.0 |
| 2021-12-09 | CVE-2021-41246 | Session Fixation vulnerability in Auth0 Express Openid Connect Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. | 6.8 |
| 2021-11-24 | CVE-2021-41268 | Session Fixation vulnerability in Sensiolabs Symfony Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. | 6.5 |
| 2021-11-08 | CVE-2021-42073 | Session Fixation vulnerability in Barrier Project Barrier An issue was discovered in Barrier before 2.4.0. | 8.2 |
| 2021-10-05 | CVE-2021-41553 | Session Fixation vulnerability in Archibus web Central 21.3.3.815 In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. | 9.8 |
| 2021-09-07 | CVE-2021-35948 | Session Fixation vulnerability in Owncloud Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. | 5.8 |
| 2021-08-25 | CVE-2021-22237 | Session Fixation vulnerability in Gitlab Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. | 4.0 |