CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

509 vulnerabilities with CWE-613
CVE-2024-49825 MEDIUM
IBM Robotic Process Automation <21.0.7.20,23.0.20 - Privilege Escal...
CVSS 6.3
CVE-2024-25051 MEDIUM
IBM Jazz Reporting Service 7.0.2-7.0.3 - Privilege Escalation
CVSS 6.6
CVE-2024-57056 MEDIUM
WombatDialer <25.02 - Info Disclosure
CVSS 5.4
CVE-2024-45386 HIGH
SIMATIC PCS neo, SIMOCODE ES, SIRIUS Safety ES, SIRIUS Soft Starter...
CVSS 8.8
CVE-2024-13280 CRITICAL
Drupal Persistent Login <2.2.2 - Info Disclosure
CVSS 9.8
CVE-2024-45033 HIGH
Apache Airflow Fab Provider <1.5.2 - Info Disclosure
CVSS 8.1
CVE-2024-11627 MEDIUM
Progress Sitefinity < 14.4.8143 - Insufficient Session Expiration
CVSS 6.8
CVE-2024-56413 MEDIUM
Acronis Cyber Protect <16 - Info Disclosure
CVSS 6.1
CVE-2024-56351 MEDIUM
Jetbrains Teamcity < 2024.12 - Insufficient Session Expiration
CVSS 6.3
CVE-2024-55603 MEDIUM
Kanboard < 1.2.43 - Insufficient Session Expiration
CVSS 6.5
CVE-2024-12667 LOW
Invoiceplane < 1.6.1 - Insufficient Session Expiration
CVSS 3.7
CVE-2024-11668 MEDIUM
GitLab CE/EE <17.4.5-17.6.1 - Auth Bypass
CVSS 4.2
CVE-2024-35160 MEDIUM
IBM Big Sql - Insufficient Session Expiration
CVSS 4.3
CVE-2024-11208 LOW
Apereo Central Authentication Service - Insufficient Session Expiration
CVSS 3.7
CVE-2024-52553 HIGH
Jenkins Openid Connect Authentication - Insufficient Session Expira...
CVSS 8.8
CVE-2024-46892 MEDIUM
Siemens Sinec Ins < 1.0 - Insufficient Session Expiration
CVSS 4.9
CVE-2024-52311 MEDIUM
Data All - Auth Bypass
CVSS 6.3
CVE-2024-48926 MEDIUM
Umbraco Cms < 8.18.15 - Insufficient Session Expiration
CVSS 4.2
CVE-2024-45462 MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Info Disclosure
CVSS 6.3
CVE-2024-48827 HIGH
Sbond Watcharr - Insufficient Session Expiration
CVSS 8.8
CVE-2024-46040 MEDIUM
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 - Info Disclosure
CVSS 6.5
CVE-2024-43685 CRITICAL
Microchip Timeprovider 4100 Firmware - Insufficient Session Expiration
CVSS 9.8
CVE-2024-23586 MEDIUM
Hcltech Hcl Nomad < 1.0.13 - Insufficient Session Expiration
CVSS 5.3
CVE-2024-8888 CRITICAL
Circutor Q-smt Firmware - Insufficient Session Expiration
CVSS 10.0
CVE-2024-38315 MEDIUM
IBM Aspera Shares <1.11 - Privilege Escalation
CVSS 6.3