Vulnerabilities > Session Fixation

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2020-4954 Session Fixation vulnerability in IBM Spectrum Protect Operations Center
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation .
low complexity
ibm CWE-384
5.4
2021-01-08 CVE-2020-5021 Session Fixation vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system.
local
low complexity
ibm CWE-384
4.4
2020-12-23 CVE-2020-25198 Session Fixation vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
network
low complexity
moxa CWE-384
8.8
2020-12-21 CVE-2020-4555 Session Fixation vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-384
5.4
2020-11-06 CVE-2020-5645 Session Fixation vulnerability in Mitsubishielectric Coreos 05.65.00.Bd
Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-384
7.5
2020-11-02 CVE-2020-5654 Session Fixation vulnerability in Mitsubishielectric products
Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
network
low complexity
mitsubishielectric CWE-384
7.5
2020-10-29 CVE-2019-4563 Session Fixation vulnerability in IBM Security Directory Server 6.4.0.0
IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies.
network
low complexity
ibm CWE-384
5.3
2020-10-19 CVE-2020-15909 Session Fixation vulnerability in Solarwinds N-Central
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access.
network
low complexity
solarwinds CWE-384
8.8
2020-08-05 CVE-2020-4243 Session Fixation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session tokens.
network
high complexity
ibm CWE-384
3.7
2020-07-20 CVE-2020-4527 Session Fixation vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode.
network
high complexity
ibm CWE-384
5.9