Total: 357 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-2059 | 1 Openstack | 1 Keystone | 2024-11-21 | N/A |
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | ||||
CVE-2012-4413 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. | ||||
CVE-2009-20001 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 8.1 High |
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to log in as them. | ||||
CVE-2021-35473 | 1 Lemonldap-ng | 1 Lemonldap-ng | 2024-11-19 | 9.1 Critical |
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use an expired access token from an OIDC client to access the OAuth2 handler. The earliest affected version is 2.0.4. | ||||
CVE-2024-11208 | 1 Apereo | 2 Cas Server, Central Authentication Service | 2024-11-19 | 3.7 Low |
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. An unspecified part of the /login?service endpoint is affected. The manipulation leads to a session-expiration weakness. The attack may be launched remotely, but its complexity is rather high and exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-52553 | 1 Jenkins | 1 Openid | 2024-11-15 | 8.8 High |
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. | ||||
CVE-2024-46892 | 1 Siemens | 1 Sinec Ins | 2024-11-14 | 4.9 Medium |
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled. | ||||
CVE-2024-46040 | | | 2024-11-05 | 6.5 Medium |
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 suffers from insufficient session expiration. The authentication token is not validated during Access Point Pairing mode, which lets an attacker replay Wi-Fi packets and forcefully turn off the access point after the authentication token has expired. | ||||
CVE-2024-48926 | 1 Umbraco | 1 Umbraco Cms | 2024-10-25 | 4.2 Medium |
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8.7, and 8.18.15 contain a patch for the issue. | ||||
CVE-2024-48827 | 1 Sbondco | 1 Watcharr | 2024-10-15 | 8.8 High |
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. | ||||
CVE-2024-23586 | 1 Hcltech | 3 Domino, Hcl Nomad, Nomad Server On Domino | 2024-10-07 | 5.3 Medium |
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. | ||||
CVE-2024-8888 | 1 Circutor | 3 Circutor Q Smt, Q-smt, Q-smt Firmware | 2024-10-01 | 10 Critical |
An attacker with access to the network where CIRCUTOR Q-SMT (firmware version 1.0.4) is located could steal the tokens used by the web application, since these have no expiration date, and use them to access the web application without restriction. Token theft can originate from different methods such as network captures, locally stored web information, etc. | ||||
CVE-2022-38382 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-21 | 4.7 Medium |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672. | ||||
CVE-2024-38315 | 1 Ibm | 1 Aspera Shares | 2024-09-20 | 6.3 Medium |
IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | ||||
CVE-2024-32006 | | | 2024-09-10 | 4.3 Medium |
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication. | ||||
CVE-2022-45862 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy, Fortiswitchmanager | 2024-08-22 | 3.5 Low |
An insufficient session expiration vulnerability [CWE-613] in the GUI of FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions may allow attackers to re-use web sessions after GUI logout, should they manage to acquire the required credentials. | ||||
CVE-2024-39809 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-22 | 7.5 High |
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
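The controls whose absence the entries above describe, shown together in one added example that is not the code of any project listed here: a server-side session store that checks expiry on every lookup (cf. the LemonLDAP::NG and CIRCUTOR Q-SMT entries), replaces the pre-login session ID at login (Jenkins OpenId Connect), removes the session on logout (IBM CP4S, Fortinet, F5 Central Manager, MantisBT), and revokes every session a user holds when their roles, password or account status change or the account is deleted (OpenStack Keystone, Siemens SINEC INS, IBM Aspera Shares). The per-user generation counter, the class and method names, the injectable clock and the sample user "alice" are this example's own assumptions.

```python
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    expires_at: float   # absolute time on the store's clock
    generation: int     # the user's generation counter when the session was issued

class SessionStore:
    """Server-side store: every decision is made on the server's own record (example code)."""

    def __init__(self, ttl_seconds: float = 3600.0, clock=time.monotonic) -> None:
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be exercised deterministically
        self._sessions: dict[str, Session] = {}
        self._users: dict[str, dict] = {}  # user -> {"roles", "generation", "active"}

    # -- user administration: each of these must cut off the user's live sessions --
    def add_user(self, user: str, roles=()) -> None:
        self._users[user] = {"roles": frozenset(roles), "generation": 0, "active": True}

    def _revoke_all(self, user: str) -> None:
        # A bumped generation rejects every earlier session on its next use: immediate,
        # and no scan of the session table is needed.
        self._users[user]["generation"] += 1

    def set_roles(self, user: str, roles) -> None:    # cf. Keystone CVE-2012-4413
        self._users[user]["roles"] = frozenset(roles)
        self._revoke_all(user)

    def change_password(self, user: str) -> None:     # cf. Aspera Shares CVE-2024-38315
        self._revoke_all(user)

    def disable_user(self, user: str) -> None:        # cf. SINEC INS CVE-2024-46892
        self._users[user]["active"] = False
        self._revoke_all(user)

    def delete_user(self, user: str) -> None:         # cf. Keystone CVE-2013-2059
        self._users.pop(user, None)  # sessions of a missing user fail resolve()

    # -- session lifecycle --
    def login(self, user: str, prior_sid: str | None = None) -> str:
        rec = self._users.get(user)
        if rec is None or not rec["active"]:
            raise PermissionError("unknown or disabled user")
        if prior_sid is not None:  # rotate: the pre-login ID must not stay valid
            self._sessions.pop(prior_sid, None)           # cf. Jenkins CVE-2024-52553
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, self.clock() + self.ttl, rec["generation"])
        return sid

    def logout(self, sid: str) -> None:               # cf. CVE-2022-38382, CVE-2024-39809
        self._sessions.pop(sid, None)  # remove server-side, not just clear the cookie

    def resolve(self, sid: str) -> dict | None:
        """Return {"user", "roles"} for a valid session, else None (and forget it)."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        rec = self._users.get(s.user)
        if (self.clock() >= s.expires_at                # expiry checked on every use
                or rec is None or not rec["active"]     # user deleted or disabled
                or rec["generation"] != s.generation):  # roles/password changed since
            del self._sessions[sid]
            return None
        return {"user": s.user, "roles": rec["roles"]}

def demo() -> dict:
    """Exercise the listing's failure modes against a constructed user; every value is True."""
    now = [1000.0]
    store = SessionStore(ttl_seconds=60, clock=lambda: now[0])
    store.add_user("alice", roles={"member"})
    out = {}
    pre = store.login("alice")
    sid = store.login("alice", prior_sid=pre)
    out["pre_login_id_rejected"] = store.resolve(pre) is None
    out["fresh_session_ok"] = store.resolve(sid)["roles"] == {"member"}
    store.set_roles("alice", {"admin"})
    out["dead_after_role_change"] = store.resolve(sid) is None
    out["new_login_sees_new_roles"] = store.resolve(store.login("alice"))["roles"] == {"admin"}
    sid = store.login("alice")
    now[0] += 61                       # past the 60 s TTL
    out["expired_rejected"] = store.resolve(sid) is None
    sid = store.login("alice")
    store.change_password("alice")
    out["dead_after_password_reset"] = store.resolve(sid) is None
    sid = store.login("alice")
    store.logout(sid)
    out["dead_after_logout"] = store.resolve(sid) is None
    sid = store.login("alice")
    store.disable_user("alice")
    out["dead_after_disable"] = store.resolve(sid) is None
    return out
```

The generation counter is the part to carry over to a real deployment: because the check runs at lookup time against the user's current record, revocation takes effect on the very next request with no need to enumerate a user's sessions. For bearer tokens that are validated without a server lookup (the Keystone and F5 refresh-token cases), the same effect needs either a short lifetime plus a server-side revocation list consulted on each use, or a generation claim in the token compared against the user's current value.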