Total
331 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36330 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | |||||
| CVE-2020-15074 | 1 Openvpn | 1 Openvpn Access Server | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp. | |||||
| CVE-2020-15269 | 1 Sparksolutions | 1 Spree | 2021-11-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory. | |||||
| CVE-2021-25940 | 1 Arangodb | 1 Arangodb | 2021-11-17 | 6.0 MEDIUM | 8.0 HIGH |
| In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system. | |||||
| CVE-2021-41247 | 1 Jupyter | 1 Jupyterhub | 2021-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out. | |||||
| CVE-2014-3616 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2021-11-10 | 4.3 MEDIUM | N/A |
| nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. | |||||
| CVE-2019-0015 | 1 Juniper | 22 Junos, Srx100, Srx110 and 19 more | 2021-11-09 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A reboot is required to clear the cached authentication token. Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75; 15.1X49 versions prior to 15.1X49-D150; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. | |||||
| CVE-2021-40849 | 1 Mahara | 1 Mahara | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges. | |||||
| CVE-2021-29868 | 1 Ibm | 1 I2 Ibase | 2021-11-02 | 2.1 LOW | 5.5 MEDIUM |
| IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213. | |||||
| CVE-2021-25970 | 1 Tuzitio | 1 Camaleon Cms | 2021-10-29 | 6.8 MEDIUM | 8.8 HIGH |
| Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed. | |||||
| CVE-2020-1666 | 1 Juniper | 1 Junos Os Evolved | 2021-10-25 | 7.2 HIGH | 6.6 MEDIUM |
| The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO. | |||||
| CVE-2021-35214 | 1 Solarwinds | 1 Pingdom | 2021-10-18 | 1.9 LOW | 4.7 MEDIUM |
| The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session. This issue has been resolved on September 13, 2021. | |||||
| CVE-2021-20473 | 1 Ibm | 1 Sterling File Gateway | 2021-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944. | |||||
| CVE-2021-24019 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | |||||
| CVE-2021-41100 | 1 Wire | 1 Wire-server | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used. | |||||
| CVE-2021-37333 | 1 Bookingcore | 1 Booking Core | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser. | |||||
| CVE-2021-38823 | 1 Icehrm | 1 Icehrm | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser. | |||||
| CVE-2021-33982 | 1 Myfwc | 1 Fish \| Hunt Fl | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | |||||
| CVE-2020-29012 | 1 Fortinet | 1 Fortisandbox | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | |||||
| CVE-2021-35342 | 1 Northern.tech | 2 Mender, Useradm | 2021-09-01 | 4.3 MEDIUM | 7.5 HIGH |
| The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). | |||||