CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

532 vulnerabilities with CWE-613
CVE-2021-43791 MEDIUM
Zulip < 4.8 - Insufficient Session Expiration in Account Registration Flow
CVSS 6.5
CVE-2021-36330 HIGH
Dell EMC Streaming Data Platform <1.3 - Privilege Escalation
CVSS 8.1
CVE-2021-42545 HIGH
TopEase < 7.1.27 - Insufficient Session Expiration
CVSS 8.1
CVE-2021-25985 HIGH
Factor 1.0.4-1.8.30 - Insufficient Session Expiration in Local Storage
CVSS 7.8
CVE-2021-25940 HIGH
ArangoDB 3.7.6-3.8.3 - Insufficient Session Expiration
CVSS 8.8
CVE-2021-25979 CRITICAL
Apostrophecms < 3.3.1 - Insufficient Session Expiration
CVSS 9.8
CVE-2021-41247 LOW
JupyterHub 1.0.0-1.5.0 - Insufficient Session Expiration via Multiple JupyterLab Tabs
CVSS 3.5
CVE-2021-34739 HIGH
Cisco Small Business Series Switches < 2.5 - Insufficient Session Expiration
CVSS 8.1
CVE-2021-40849 CRITICAL
Mahara <20.04.5-21.10.0 - Info Disclosure
CVSS 9.8
CVE-2021-29868 MEDIUM
IBM i2 iBase 8.9.13 and 9.0.0 - Insufficient Session Expiration
CVSS 5.5
CVE-2021-25970 HIGH
Camaleon CMS 0.1.7-2.6.0 - Insufficient Session Expiration
CVSS 8.8
CVE-2021-35214 MEDIUM
SolarWinds Pingdom - Info Disclosure
CVSS 4.8
CVE-2021-25966 HIGH
Orchard Core CMS 1.0.0-beta1-3383-1.0.0 - Insufficient Session Expiration
CVSS 8.8
CVE-2021-20473 MEDIUM
IBM Sterling File Gateway UI <6.1.1.0 - Privilege Escalation
CVSS 6.5
CVE-2021-24019 HIGH
FortiClientEMS < 6.4.2 and <= 6.2.8 - Insufficient Session Expiration
CVSS 8.1
CVE-2021-41100 HIGH
wire-server < 2021-08-16 - Account Takeover via Short-Lived Session Token
CVSS 7.4
CVE-2021-38823 CRITICAL
icehrm 30.0.0 - Insufficient Session Expiration
CVSS 9.8
CVE-2021-37333 CRITICAL
Booking Core 2.0 - Insufficient Session Expiration
CVSS 9.8
CVE-2021-33982 HIGH
Fish | Hunt FL < 3.8.0 - Insufficient Session Expiration
CVSS 7.5
CVE-2021-39113 HIGH
Atlassian Jira Server/Data Center <8.13.9 & 8.14.0-8.17.9 - Unauthenticated Broken Access Control
CVSS 7.5
CVE-2021-35342 HIGH
Northern.tech Mender Enterprise <2.7.1-2.6.1 - Auth Bypass
CVSS 7.5
CVE-2021-30943 MEDIUM
iPadOS < 15.2 - Insufficient Session Expiration in Messages Group Handling
CVSS 4.3
CVE-2021-37693 MEDIUM
Discourse < 2.7.8 - Insufficient Session Expiration via Email Verification Token
CVSS 5.3
CVE-2021-37156 HIGH
Redmine 4.2.0-4.2.1 - Insufficient Session Expiration upon Two-Factor Authentication Enablement
CVSS 7.5
CVE-2021-33322 HIGH
Liferay Portal <7.3.0 - Liferay DXP <7.2.5 - Info Disclosure
CVSS 7.5