CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE ID | Severity | Title | CVSS
CVE-2024-56529 | HIGH | Mailcow <2024-11b - Session Fixation | 7.1
CVE-2024-57052 | CRITICAL | youediancms <9.5.20 - Privilege Escalation | 9.8
CVE-2024-42171 | MEDIUM | HCL MyXalytics - Session Fixation via Crafted URL | 6.4
CVE-2024-42170 | MEDIUM | HCL MyXalytics - Session Fixation via Crafted URL Session Token | 6.8
CVE-2024-13279 | CRITICAL | Drupal TFA <1.8.0 - Session Fixation | 9.8
CVE-2024-56733 | MEDIUM | Password Pusher <1.50.3 - Info Disclosure | 5.7
CVE-2024-28144 | MEDIUM | Image Access Scan2Net 7.42B - Session Takeover | 5.5
CVE-2024-50339 | MEDIUM | GLPI 9.5.0-10.0.16 - Unauthenticated Session ID Exposure and Hijacking | 5.3
CVE-2024-11317 | CRITICAL | ABB ASPECT Enterprise and MATRIX Series - Session Fixation | 10.0
CVE-2024-10318 | MEDIUM | NGINX OpenID Connect - Session Fixation | 5.4
CVE-2024-23590 | CRITICAL | Apache Kylin <5.0.0 - Session Fixation | 9.1
CVE-2024-48929 | MEDIUM | Umbraco <13.5.2-10.8.7 - Info Disclosure | 4.2
CVE-2024-10158 | MEDIUM | PHPGurukul Boat Booking System 1.0 - Session Fixation | 4.3
CVE-2024-8643 | CRITICAL | Oceanic Software ValeApp <2.0.0 - Session Fixation | 9.8
CVE-2024-45368 | HIGH | DirectLogic H2-DM1E < 2.8.0 - Session Fixation via Authentication Protocol Anomaly | 8.8
CVE-2024-42345 | MEDIUM | SINEMA Remote Connect Server <V3.2 SP2 - Auth Bypass | 4.3
CVE-2024-7341 | HIGH | Keycloak - Session Fixation via SAML Adapter | 7.1
CVE-2024-37829 | HIGH | Outline <= 0.76.1 - Session Fixation via Crafted Magic Sign-In Link | 8.8
CVE-2024-38513 | CRITICAL | Fiber < 2.52.5 - Session Fixation via User-Supplied Session ID | 10.0
CVE-2024-24552 | HIGH | Bludit 3.14.0-3.14.9 - Session Fixation | 8.8
CVE-2024-25977 | HIGH | HAWKI - Session Fixation via Login/Logout Functionality | 7.3
CVE-2024-23193 | MEDIUM | OX App Suite < 8.22 - Unauthorized E-Mail Exposure via PDF Export Cache | 5.3
CVE-2024-2260 | MEDIUM | zenml < 0.56.2 - Session Fixation via JWT Token Reuse | 4.2
CVE-2024-0157 | MEDIUM | Dell Storage Resource Manager <4.9.0.0 - Privilege Escalation | 5.9
CVE-2024-30262 | MEDIUM | Contao < 4.13.40 - Insufficient Session Expiration via Remember-Me Tokens | 5.9