CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

531 vulnerabilities with CWE-613
CVE-2024-39809 HIGH
F5 BIG-IP Next Central Manager - Insufficient Session Expiration
CVSS 7.5
CVE-2024-42447 CRITICAL
Apache Airflow Providers FAB - Info Disclosure
CVSS 9.8
CVE-2024-29070 CRITICAL
Apache StreamPark 1.0.0-2.1.3 - Insufficient Session Expiration
CVSS 9.1
CVE-2024-41827 HIGH
JetBrains TeamCity < 2024.07 - Insufficient Session Expiration
CVSS 7.4
CVE-2024-27782 HIGH
Fortinet FortiAIOps <2.0.0 - Info Disclosure
CVSS 8.1
CVE-2024-36041 HIGH
KSmserver <5.27.11.1-6.0.5.1 - Privilege Escalation
CVSS 7.8
CVE-2024-5995 HIGH
Soar Cloud HR Portal - Info Disclosure
CVSS 8.8
CVE-2024-36523 MEDIUM
Wvp GB28181 Pro 2.0 - Info Disclosure
CVSS 6.5
CVE-2024-35206 HIGH
SINEC Traffic Analyzer < 1.2 - Insufficient Session Expiration
CVSS 7.7
CVE-2024-4680 HIGH
zenml 0.56.3 - Insufficient Session Expiration after Password Change
CVSS 8.8
CVE-2024-35220 HIGH
fastify/session < 10.9.0 - Insufficient Session Expiration via Cookie Restore
CVSS 7.4
CVE-2024-35050 HIGH
SurveyKing 1.3.1 - Privilege Escalation via Reused Session ID
CVSS 8.8
CVE-2024-35049 CRITICAL
SurveyKing 1.3.1 - Insufficient Session Expiration
CVSS 9.1
CVE-2024-35048 MEDIUM
SurveyKing 1.3.1 - Insufficient Session Expiration
CVSS 4.3
CVE-2024-34709 MEDIUM
Directus < 10.11.0 - Insufficient Session Expiration via JWT Token
CVSS 5.4
CVE-2024-34092 HIGH
Archer Platform <2024.04 - Privilege Escalation
CVSS 8.8
CVE-2024-29402 MEDIUM
cskefu v7 - Insufficient Session Expiration
CVSS 4.3
CVE-2024-22358 MEDIUM
IBM UrbanCode Deploy <7.3.2.4 - Privilege Escalation
CVSS 6.3
CVE-2024-31999 HIGH
@fastify/secure-session - Info Disclosure
CVSS 7.4
CVE-2024-31995 MEDIUM
@digitalbazaar/zcap <9.0.1 - Info Disclosure
CVSS 4.3
CVE-2024-30262 MEDIUM
Contao < 4.13.40 - Insufficient Session Expiration via Remember-Me Tokens
CVSS 5.9
CVE-2024-31447 MEDIUM
Shopware 6.3.5.0-6.5.8.7 - Insufficient Session Expiration via Store-API Logout
CVSS 5.3
CVE-2024-25954 MEDIUM
Dell PowerScale OneFS 9.5.0.x-9.7.0.x - Unauthenticated Denial of Service via Insufficient Session Expiration
CVSS 5.3
CVE-2024-29401 CRITICAL
xzs-mysql 3.8 - Insufficient Session Expiration
CVSS 9.8
CVE-2024-1623 HIGH
Sagemcom F@ST 3686 Firmware < 3.709.2 - Insufficient Session Expiration in Login/Logout Handler
CVSS 7.7