CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

532 vulnerabilities with CWE-613
CVE-2023-23614 HIGH
Pi-hole Web Interface 4.0-5.18.2 - Insufficient Session Expiration via Remember Me Cookie
CVSS 8.8
CVE-2023-22732 LOW
Shopware < 6.4.18.1 - Insufficient Session Expiration in Administration
CVSS 3.7
CVE-2023-0227 MEDIUM
pyload <0.5.0b3.dev36 - Info Disclosure
CVSS 6.5
CVE-2023-22492 MEDIUM
ZITADEL 2.0.0-2.16.3 and 2.17.0-2.17.2 - Insufficient Session Expiration via Refresh Token
CVSS 5.9
CVE-2022-50692 HIGH
SOUND4 IMPACT/FIRST/PULSE/Eco <2 - Info Disclosure
CVSS 7.5
CVE-2022-45862 LOW
FortiOS <7.2.6, FortiProxy <7.4.0, FortiSwitchManager <7.2.2, FortiPAM <1.4.0 - GUI Session Expiration Issue
CVSS 3.7
CVE-2022-38382 MEDIUM
IBM Cloud Pak for Security <1.10.11.0 & QRadar Suite Software <1.10...
CVSS 4.7
CVE-2022-32759 MEDIUM
IBM Security Directory Integrator 7.2.0 & Verify Directory Integrator 10.0.0 - Insufficient Session Expiration
CVSS 5.3
CVE-2022-3916 MEDIUM
Keycloak < 20.0.2 - Insufficient Session Expiration via Offline Access Scope
CVSS 6.8
CVE-2022-38707 MEDIUM
IBM Cognos Command Center 10.2.4.1 - Info Disclosure
CVSS 4.0
CVE-2022-37186 MEDIUM
LemonLDAP::NG < 2.0.15 - Insufficient Session Expiration
CVSS 5.9
CVE-2022-48317 MEDIUM
Checkmk <= 2.1.0p10 and <= 2.0.0p28 - Insufficient Session Expiration in RestAPI
CVSS 5.6
CVE-2022-34392 MEDIUM
Dell SupportAssist for Home PCs < 3.11.4 - Authenticated Insufficient Session Expiration
CVSS 5.5
CVE-2022-24895 MEDIUM
Symfony 2.0.0-4.4.49 - Insufficient Session Expiration via CSRF Token Preservation
CVSS 6.3
CVE-2022-46177 MEDIUM
Discourse <2.8.14 - stable & <3.0.0.beta16 - beta & tests-passed - ...
CVSS 5.7
CVE-2022-43844 HIGH
IBM Robotic Process Automation for Cloud Pak <21.0.3 - Privilege Es...
CVSS 8.8
CVE-2022-22371 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.1 - Insufficient Session Expiration after Password Change
CVSS 5.5
CVE-2022-47406 MEDIUM
Change password for frontend users < 2.0.5 and 3.0.0-3.0.3 - Insufficient Session Expiration
CVSS 5.4
CVE-2022-23502 MEDIUM
TYPO3 10.0.0-10.4.32 - Insufficient Session Expiration in Password Recovery
CVSS 5.4
CVE-2022-40228 LOW
IBM DataPower Gateway Insufficient Session Expiration
CVSS 3.7
CVE-2022-36179 CRITICAL
Fusiondirectory 1.3 - Privilege Escalation
CVSS 9.8
CVE-2022-4070 CRITICAL
librenms/librenms <22.10.0 - Info Disclosure
CVSS 9.8
CVE-2022-3362 CRITICAL
GitHub rdiffweb <2.5.0 - Info Disclosure
CVSS 9.8
CVE-2022-3867 LOW
HashiCorp Nomad <1.4.2 - Info Disclosure
CVSS 2.7
CVE-2022-40230 MEDIUM
IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS - Insufficient Session Expiration
CVSS 6.5