Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2018-1948 MEDIUM

IBM Security Identity Governance and Intelligence <5.2.4.1 - Open R...

CVE-2018-20238 HIGH

Atlassian Crowd <3.2.7, >3.3.0-<3.3.4 - Auth Bypass

CVE-2018-1962 MEDIUM

IBM Security Identity Manager <7.0.1 - Info Disclosure

CVE-2018-17199 HIGH

Apache HTTP Server <2.4.38 - Info Disclosure

CVE-2018-1000409 MEDIUM

Jenkins < 2.138.1, < 2.145 - Session Fixation via User Signup

CVE-2018-1804 LOW

IBM Security Access Manager Appliance <9.0.5.0 - Info Disclosure

CVE-2018-1485 LOW

IBM BigFix Platform <9.2.14, <9.5.9 - Privilege Escalation

CVE-2018-1484 LOW

IBM BigFix Platform <9.2.14, <9.5.9 - Open Redirect

CVE-2018-1480 MEDIUM

IBM BigFix Platform <9.2.14, <9.5.9 - Info Disclosure

CVE-2018-13337 MEDIUM

TerraMaster TOS <3.1.03 - Info Disclosure

CVE-2018-19443 MEDIUM

Tryton 5.x <5.0.1 - Info Disclosure

CVE-2018-6434 HIGH

Brocade Fabric OS <8.2.1-7.4.2d - Info Disclosure

CVE-2018-18926 CRITICAL

Gitea < 1.5.4 - Remote Code Execution via Session ID Handling

CVE-2018-18925 CRITICAL

Gogs < 0.11.66 - Remote Code Execution via Session File Forgery

CVE-2018-13282 MEDIUM

Synology Photo Station <6.8.7-3481 - Info Disclosure

CVE-2018-16463 LOW

Nextcloud Server <14.0.0-12.0.8 - Info Disclosure

CVE-2018-18380 MEDIUM

BigTree CMS < 4.2.24 - Session Fixation via admin.php

CVE-2018-17902 MEDIUM

Yokogawa STARDOM Controllers FCJ FCN-100 FCN-RTU FCN-500 < R4.10 - Denial of Service via Session Management

CVE-2018-9082 HIGH

Iomega LenovoEMC NAS <4.1.402.34662 - Privilege Escalation

CVE-2018-8852 HIGH

Philips e-Alert Unit <R2.1 - Info Disclosure

CVE-2018-1127 MEDIUM

Red Hat Gluster Storage <3.4.0 - Info Disclosure

CVE-2018-5385 HIGH

Navarino Infinity - Session Fixation

CVE-2018-14387 HIGH

WonderCMS < 2.5.2 - Session Fixation

CVE-2018-1492 MEDIUM

IBM Jazz Foundation - Privilege Escalation

CVE-2018-1000602 MEDIUM

Jenkins SAML Plugin <1.0.6 - Privilege Escalation

Previous Page 13 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy