CWE:
 

Title
Date
Author
Low
MailDepot 2032 SP2 Session Expiration
30.09.2020
Micha Borrmann
Low
Microsoft Office 365 Enterprise E3 Insufficient Session Expiration
09.07.2017
Micha Borrmann


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-08-08
Waiting for details
CVE-2022-2713

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.

 
2022-08-04
Waiting for details
CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

 
2022-07-13
Waiting for details
CVE-2022-31145

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin as the OAuth2 Authorization Server are unaffected by this issue. A patch is available on the `master` branch of the repository. As a workaround, rotating signing keys immediately will invalidate all open sessions and force all users to attempt to obtain new tokens. Those who use this workaround should continue to rotate keys until FlyteAdmin has been upgraded and hide FlyteAdmin deployment ingress URL from the internet.

 
2022-07-12
Medium
CVE-2022-33137

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.

 
2022-07-05
Waiting for details
CVE-2022-2306

Old session tokens can be used to authenticate to the application and send authenticated requests.

 
2022-06-20
Medium
CVE-2022-22318

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

 
Medium
CVE-2022-22317

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.

 
2022-06-14
Waiting for details
CVE-2022-31050

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

 
2022-06-02
Low
CVE-2022-30277

Vendor: BD
Software: Synapsys
 

 

 
2022-05-17
Medium
CVE-2022-23669

Vendor: Arubanetworks
Software: Clearpass po...
 

 
A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

 

 


Copyright 2022, cxsecurity.com

 
