CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
533 vulnerabilities with CWE-613
CVE-2020-15220
MEDIUM
Combodo iTop <2.7.2, 3.0.0 - Info Disclosure
CVSS 6.1
CVE-2020-15218
MEDIUM
Combodo iTop <2.7.2, 3.0.0 - Info Disclosure
CVSS 6.8
CVE-2020-29667
CRITICAL
Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure
CVSS 9.8
CVE-2020-4696
MEDIUM
IBM Cloud Pak for Security 1.3.0.1 - Insufficient Session Expiration
CVSS 4.3
CVE-2020-13353
LOW
Gitaly 1.79.0-13.3.9 - Insufficient Session Expiration via URL Repository Import
CVSS 2.5
CVE-2020-27422
CRITICAL
Anuko Time Tracker <1.19.23.5311 - Info Disclosure
CVSS 9.8
CVE-2020-23140
HIGH
Microweber 1.1.18 - Info Disclosure
CVSS 8.1
CVE-2020-23136
MEDIUM
Microweber v1.1.18 - Info Disclosure
CVSS 5.5
CVE-2020-15950
HIGH
Immuta 2.8.2 - Insufficient Session Expiration
CVSS 8.8
CVE-2020-25374
LOW
CyberArk Privileged Session Manager 10.9.0.15 - Full Path Disclosure via Error Popup
CVSS 2.6
CVE-2020-24713
HIGH
Gophish < 0.10.1 - Insufficient Session Expiration
CVSS 7.5
CVE-2020-27739
CRITICAL
Citadel WebCit <= 926 - Unauthenticated Session Hijacking via Weak Session Management
CVSS 9.8
CVE-2020-15269
HIGH
Spree <3.7.11, <4.0.4, <4.1.11 - Info Disclosure
CVSS 7.4
CVE-2020-1666
MEDIUM
Juniper Junos OS Evolved 18.4R1-EVO-20.2R1-EVO - Unauthenticated Session Resumption via Console Disconnect
CVSS 6.6
CVE-2020-6363
MEDIUM
SAP Commerce Cloud - Insufficient Session Expiration
CVSS 4.6
CVE-2020-4395
MEDIUM
IBM Security Access Manager Appliance 9.0.7 - Insufficient Session Expiration
CVSS 5.4
CVE-2020-4780
MEDIUM
IBM Curam Social Program Management 7.0.9-7.0.10 - Insufficient Session Expiration via Missing Secure Cookie Attribute
CVSS 5.3
CVE-2020-15774
MEDIUM
Gradle Enterprise 2018.5-2020.2.4 - Insufficient Session Expiration
CVSS 6.8
CVE-2020-13307
LOW
GitLab <13.1.10-13.3.4 - Privilege Escalation
CVSS 3.8
CVE-2020-13305
LOW
GitLab <13.1.10-13.3.4 - Info Disclosure
CVSS 3.5
CVE-2020-13302
LOW
GitLab <13.1.10-13.3.4 - Privilege Escalation
CVSS 3.8
CVE-2020-13299
HIGH
GitLab <13.1.10-13.3.4 - Info Disclosure
CVSS 8.1
CVE-2020-8234
CRITICAL
The EdgeMax EdgeSwitch <v1.9.1 - Command Injection
CVSS 9.8
CVE-2020-5774
HIGH
Nessus < 8.11.0 - Insufficient Session Expiration
CVSS 7.1
CVE-2020-17474
CRITICAL
ZKTeco FaceDepot <7B-1.0.213 & ZKBiosecurity - Privilege Escalation
CVSS 9.8