CWE:
 

Topic
Date
Author
Low
OpenVPN Access Server 2.1.4 CRLF Injection
27.05.2017
SYSDREAM
Med.
Horsys v8 multiple vulnerabilities
23.06.2016
Florian Nivette
Med.
FancyFon FAMOC 3.16.5 Session Fixation
28.01.2015
Matthias Deeg
Med.
Jasper Server 5.5 Session Fixation
11.05.2014
Felipe Andrian Peixoto


CVEMAP Search Results

CVE
Details
Description
2019-04-03
Medium
CVE-2015-5384

Vendor: Axiomsl
Software: Axiom
 

 
AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier is vulnerable to a Session Fixation attack.

 
2019-04-02
Low
CVE-2018-1626

Vendor: IBM
Software: Security pri...
 

 
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 144411.

 
2019-04-01
Medium
CVE-2019-5523

Updating...
 

 
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.

 
2019-03-29
Medium
CVE-2017-18105

Vendor: Atlassian
Software: Crowd
 

 
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.

 
2019-03-26
Medium
CVE-2019-9744

Vendor: Phoenixcontact
Software: Fl nat smcs ...
 

 
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.

 
2019-03-07
Low
CVE-2019-3784

Updating...
 

 
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.

 
2019-02-21
Low
CVE-2018-1948

Updating...
 

 
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 153428.

 
2019-02-18
Medium
CVE-2019-0102

Updating...
 

 
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

 
2019-02-13
Medium
CVE-2018-20238

Vendor: Atlassian
Software: Crowd
 

 
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

 
2019-02-11
Medium
CVE-2019-7747

Vendor: Dbninja
Software: Dbninja
 

 
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top