CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

531 vulnerabilities with CWE-613
CVE-2024-20301 MEDIUM
Cisco Duo Authentication For Windows Logon And RDP < 4.3.0 - Insufficient Session Expiration
CVSS 6.2
CVE-2024-1900 MEDIUM
Devolutions Server < 2023.3.16.0 - Authenticated Insufficient Session Expiration in Identity Provider Flow
CVSS 5.5
CVE-2024-21722 MEDIUM
Joomla! 3.2.0-3.10.14 - Insufficient Session Expiration in MFA Management
CVSS 6.3
CVE-2024-22543 MEDIUM
Linksys Router E1700 <1.0.04 - Privilege Escalation
CVSS 6.1
CVE-2024-27455 CRITICAL
Bentley ALIM Web - Unauthenticated Session Token Exposure via File Download
CVSS 9.1
CVE-2024-21492 MEDIUM
caddy-security - Insufficient Session Expiration via Logout Endpoint
CVSS 4.8
CVE-2024-25628 HIGH
Alf.io < 2.0-m4-2402 - Insufficient Session Expiration
CVSS 7.6
CVE-2024-25619 LOW
Mastodon < 3.5.18 - Insufficient Session Expiration via OAuth Application Destruction
CVSS 3.1
CVE-2024-0008 MEDIUM
PAN-OS >=10.2.0 <10.2.5 - Insufficient Session Expiration
CVSS 6.6
CVE-2024-22389 HIGH
F5 BIG-IP - Insufficient Session Expiration via iControl REST API Token Sync
CVSS 7.2
CVE-2024-25718 CRITICAL
Samly < 1.4.0 - Insufficient Session Expiration via Cached Session Handling
CVSS 9.8
CVE-2024-0944 LOW
Totolink T8 4.1.5cu.833_20220905 - Session Expiration
CVSS 3.7
CVE-2024-0943 LOW
Totolink N350RT 9.3.5u.6255 - Session Expiration
CVSS 3.7
CVE-2024-0942 LOW
Totolink N200RE V5 9.3.5u.6255_B20211224 - Session Expiration
CVSS 3.7
CVE-2024-22403 LOW
Nextcloud <28.0.0 - Info Disclosure
CVSS 3.0
CVE-2024-0350 LOW
Engineers Online Portal 1.0 - Insufficient Session Expiration
CVSS 3.1
CVE-2024-0260 MEDIUM
Engineers Online Portal 1.0 - Insufficient Session Expiration in Password Change Component
CVSS 4.3
CVE-2023-49881 MEDIUM
IBM Transformation Extender Advanced 10.0.1 - Insufficient Session Expiration
CVSS 6.3
CVE-2023-26288 MEDIUM
IBM Aspera Orchestrator 4.0.1 - Privilege Escalation
CVSS 5.5
CVE-2023-40695 MEDIUM
IBM Cognos Controller <11.0.0 - Privilege Escalation
CVSS 6.3
CVE-2023-45600 MEDIUM
AiLux imx6 < 1.0.7-2 - Session Hijacking via Insufficient Session Expiration
CVSS 5.6
CVE-2023-50270 MEDIUM
Apache DolphinScheduler 1.3.8-3.2.0 - Insufficient Session Expiration
CVSS 6.5
CVE-2023-45718 LOW
HCL Sametime 11.5-12.0.1 - Insufficient Session Expiration in Web Client
CVSS 3.9
CVE-2023-45187 MEDIUM
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 - Insufficient Session Expiration
CVSS 6.3
CVE-2023-50936 MEDIUM
IBM PowerSC 1.3, 2.0, and 2.1 - Authenticated Session Fixation via Insufficient Session Expiration
CVSS 6.3