Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2020-25198 HIGH

MOXA NPort IAW5000A-I/O <2.1 - Session Fixation

CVE-2020-4555 MEDIUM

IBM Financial Transaction Manager <3.1.0 - Privilege Escalation

CVE-2020-5645 HIGH

GT14 GOT 1000 series - Info Disclosure

CVE-2020-5654 HIGH

MELSEC iQ-R Series Firmware - Unauthenticated Session Fixation via TCP/IP Function

CVE-2020-15909 HIGH

SolarWinds N-central <2020.1 - Session Hijacking

CVE-2020-10714 HIGH

WildFly Elytron <1.11.3.Final - Privilege Escalation

CVE-2020-6302 HIGH

SAP Commerce <2005 - Session Fixation

CVE-2020-4243 LOW

IBM Security Identity Governance and Intelligence <5.2.6 - Info Dis...

CVE-2020-4527 MEDIUM

IBM Planning Analytics 2.0 - Info Disclosure

CVE-2020-6290 MEDIUM

SAP Disclosure Mgmt <10.1 - Session Fixation

CVE-2020-5596 HIGH

Mitsubishi Electric GOT2000 CoreOS -Y - Session Fixation via Crafted Packet

CVE-2020-15018 MEDIUM

playSMS <= 1.4.3 - Session Fixation

CVE-2020-4229 HIGH

IBM Worklight/MobileFoundation 8.0.0.0 - Privilege Escalation

CVE-2020-13229 HIGH

Sysax Multi Server 6.90 - Info Disclosure

CVE-2020-8434 CRITICAL

Jenzabar JICS <9.0.1-9.2.2 - Info Disclosure

CVE-2020-12258 CRITICAL

rConfig 3.9.4 - Session Fixation via PHPSESSID

CVE-2020-1993 LOW

PAN-OS <8.1.14, <9.0.8 - Session Fixation

CVE-2020-5894 HIGH

NGINX Controller <3.3.0 - Info Disclosure

CVE-2020-12467 MEDIUM

Subrion CMS 4.2.1 - Session Fixation

CVE-2020-1762 HIGH

Kiali 0.4.0-1.15.0 - Insufficient Session Expiration via JWT Validation Bypass

CVE-2020-6824 LOW

Firefox < 75.0 - Session Fixation via Password Generation in Private Browsing Mode

CVE-2020-11729 CRITICAL

DAViCal AWL <0.60 - Info Disclosure

CVE-2020-11728 HIGH

DAViCal AWL <0.60 - Info Disclosure

CVE-2020-8826 HIGH

Argo CD < 1.5.0 - Session Fixation via Immutable Authentication Tokens

CVE-2020-4291 MEDIUM

IBM Security Information Queue <1.0.6 - Info Disclosure

Previous Page 10 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy