CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Low | OpenVPN Access Server 2.1.4 CRLF Injection | 27.05.2017 | SYSDREAM |
| Med. | Horsys v8 multiple vulnerabilities | 23.06.2016 | Florian Nivette |
| Med. | FancyFon FAMOC 3.16.5 Session Fixation | 28.01.2015 | Matthias Deeg |
| Med. | Jasper Server 5.5 Session Fixation | 11.05.2014 | Felipe Andrian Peixoto |


CVEMAP Search Results

CVE
Details
Description
2019-10-04
Medium
CVE-2019-4227

Vendor: IBM
Software: MQ
 

 
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.

 
2019-09-30
Medium
CVE-2019-4304

Vendor: IBM
Software: Websphere ap...
 

 
IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

 
2019-09-26
Medium
CVE-2019-6161

 

 
An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.

 
2019-09-25
Low
CVE-2019-12203

Vendor: Silverstripe
Software: Silverstripe
 

 
SilverStripe through 4.3.3 allows session fixation in the "change password" form.

 
2019-09-06
Medium
CVE-2019-13517

 

 
In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory user account changes when the device is joined to an AD domain.

 
2019-08-09
High
CVE-2019-5406

Vendor: HP
Software: 3par storese...
 

 
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

 
Medium
CVE-2019-5400

 

 
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

 
Medium
CVE-2019-12258

Vendor: Siemens
Software: Siprotec 5 f...
 

 
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

 
2019-08-07
Medium
CVE-2019-10371

Vendor: Jenkins
Software: Gitlab oauth
 

 
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

 
2019-08-02
Medium
CVE-2019-7849

Vendor: Magento
Software: Magento
 

 
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2.

 

 


Copyright 2019, cxsecurity.com

 
