Vulnerabilities > Session Fixation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-22 | CVE-2021-35046 | Session Fixation vulnerability in Icehrm 29.0.0.Os A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. | 6.1 |
| 2021-05-27 | CVE-2021-33394 | Session Fixation vulnerability in Cubecart 6.4.2 Cubecart 6.4.2 allows Session Fixation. | 5.4 |
| 2021-05-26 | CVE-2018-16495 | Session Fixation vulnerability in Versa-Networks Versa Operating System 20.2.0/21.1.0 In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. | 8.8 |
| 2021-03-10 | CVE-2020-35229 | Session Fixation vulnerability in Netgear Gs116E Firmware and Jgs516Pe Firmware The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges. | 8.8 |
| 2021-02-26 | CVE-2019-18946 | Session Fixation vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. | 4.8 |
| 2021-02-18 | CVE-2020-35591 | Session Fixation vulnerability in Pi-Hole 5.0/5.1/5.1.1 Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. | 5.4 |
| 2021-02-15 | CVE-2020-4954 | Session Fixation vulnerability in IBM Spectrum Protect Operations Center IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . | 5.4 |
| 2021-01-08 | CVE-2020-5021 | Session Fixation vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. | 4.4 |
| 2020-12-23 | CVE-2020-25198 | Session Fixation vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. | 8.8 |
| 2020-12-21 | CVE-2020-4555 | Session Fixation vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 5.4 |