Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2021-46279 MEDIUM

Lanner Inc IAC-AST2500A <1.10.0 - Session Fixation

CVE-2021-38869 CRITICAL

IBM QRadar SIEM <7.5 - Info Disclosure

CVE-2021-39066 HIGH

IBM Financial Transaction Manager 3.2.4 - Info Disclosure

CVE-2021-20151 CRITICAL

Trendnet AC2600 TEW-827DRU <2.08B01 - Session Hijacking

CVE-2021-31745 HIGH

Pluck-CMS Pluck <4.7.15 - Session Fixation

CVE-2021-41246 MEDIUM

Express OpenID Connect <2.5.1 - Session Fixation

CVE-2021-41268 MEDIUM

Symfony/SecurityBundle <5.3.12 - Info Disclosure

CVE-2021-42073 HIGH

Barrier < 2.4.0 - Session Fixation via Client Label Spoofing

CVE-2021-41553 CRITICAL

ARCHIBUS Web Central 21.3.3.815 - Info Disclosure

CVE-2021-35948 MEDIUM

ownCloud Server <10.8.0 - Auth Bypass

CVE-2021-22237 MEDIUM

GitLab <13.12.9, <14.0.7, <14.1.2 - Info Disclosure

CVE-2021-39290 CRITICAL

NetModule <4.3.0.113-4.5.0.105 - Limited Session Fixation

CVE-2021-22927 HIGH

Citrix ADC/Gateway <13.0-82.45 - Session Fixation

CVE-2021-2351 HIGH

Oracle Database Server <19c - Info Disclosure

CVE-2021-32710 MEDIUM

Shopware <6.3.5.2 - Info Disclosure

CVE-2021-35046 MEDIUM

Ice Hrm 29.0.0 - Info Disclosure

CVE-2021-32676 MEDIUM

Nextcloud Talk <9.0.10, 10.0.8, 11.2.2 - Info Disclosure

CVE-2021-33394 MEDIUM

Cubecart 6.4.2 - Session Fixation via Session Cookie Injection

CVE-2020-36913 MEDIUM

All-Dynamics Software enlogic:show 2.0.2 - CSRF

CVE-2020-15679 HIGH

Mozilla VPN <1.2.2 - Session Fixation

CVE-2020-25152 MEDIUM

B. Braun Melsungen AG - Session Fixation

CVE-2020-35229 HIGH

NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 - Privilege Escalation

CVE-2020-35591 MEDIUM

Pi-hole 5.0-5.1.1 - Session Fixation

CVE-2020-4954 MEDIUM

IBM Spectrum Protect Operations Center <8.1 - Auth Bypass

CVE-2020-5021 MEDIUM

IBM Spectrum Protect Plus <10.1.7 - Privilege Escalation

Previous Page 9 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy