Total
373 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40226 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2025-04-21 | 7.5 High |
| A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. | ||||
| CVE-2017-4963 | 1 Pivotal Software | 3 Cloud Foundry Cf-release, Cloud Foundry Uaa, Cloud Foundry Uaa-release | 2025-04-20 | N/A |
| An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers. | ||||
| CVE-2016-9703 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2025-04-20 | N/A |
| IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information. | ||||
| CVE-2016-8638 | 2 Ipsilon Project, Redhat | 2 Ipsilon, Enterprise Linux | 2025-04-20 | N/A |
| A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability." | ||||
| CVE-2017-2145 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. | ||||
| CVE-2017-5141 | 1 Honeywell | 1 Xl Web Ii Controller | 2025-04-20 | N/A |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). | ||||
| CVE-2017-6412 | 1 Sophos | 1 Web Appliance | 2025-04-20 | N/A |
| In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | ||||
| CVE-2016-6043 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | N/A |
| Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. | ||||
| CVE-2016-6040 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | N/A |
| IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced. | ||||
| CVE-2017-1270 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
| IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745. | ||||
| CVE-2016-10205 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | N/A |
| Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | ||||
| CVE-2016-0721 | 3 Clusterlabs, Fedoraproject, Redhat | 3 Pcs, Fedora, Enterprise Linux | 2025-04-20 | N/A |
| Session fixation vulnerability in pcsd in pcs before 0.9.157. | ||||
| CVE-2017-1152 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | N/A |
| IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | ||||
| CVE-2015-4594 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | N/A |
| eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | ||||
| CVE-2016-9125 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session. | ||||
| CVE-2017-14163 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account. | ||||
| CVE-2015-1820 | 2 Redhat, Rest-client Project | 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more | 2025-04-20 | N/A |
| REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. | ||||
| CVE-2017-0892 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 Low |
| Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | ||||
| CVE-2017-14263 | 1 Honeywell | 14 Enterprise Dvr, Enterprise Dvr Firmware, Fusion Iv Rev C and 11 more | 2025-04-20 | N/A |
| Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. | ||||
| CVE-2017-4014 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-20 | N/A |
| Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request. | ||||