CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

509 vulnerabilities with CWE-613
CVE-2024-25954 MEDIUM
Dell PowerScale OneFS < 9.5.0.8 - Insufficient Session Expiration
CVSS 5.3
CVE-2024-29401 CRITICAL
xzs-mysql 3.8 - Info Disclosure
CVSS 9.8
CVE-2024-1623 HIGH
Sagemcom F@st 3686 Firmware - Insufficient Session Expiration
CVSS 7.7
CVE-2024-20301 MEDIUM
Cisco Duo Authentication For Windows Logon And RDP < 4.3.0 - Insufficient Session Expiration
CVSS 6.2
CVE-2024-1900 MEDIUM
Devolutions Server < 2023.3.16.0 - Insufficient Session Expiration
CVSS 5.5
CVE-2024-21722 MEDIUM
Joomla! < 3.10.15 - Insufficient Session Expiration
CVSS 6.3
CVE-2024-22543 MEDIUM
Linksys Router E1700 <1.0.04 - Privilege Escalation
CVSS 6.1
CVE-2024-27455 CRITICAL
Bentley ALIM Web - Info Disclosure
CVSS 9.1
CVE-2024-21492 MEDIUM
Authcrunch Caddy-security - Insufficient Session Expiration
CVSS 4.8
CVE-2024-25628 HIGH
Alf.io <2.0-M4-2402 - Auth Bypass
CVSS 7.6
CVE-2024-25619 LOW
Mastodon - Info Disclosure
CVSS 3.1
CVE-2024-0008 MEDIUM
Palo Alto Networks PAN-OS < 10.2.5 - Insufficient Session Expiration
CVSS 6.6
CVE-2024-22389 HIGH
BIG-IP - Info Disclosure
CVSS 7.2
CVE-2024-25718 CRITICAL
Dropbox Samly < 1.4.0 - Insufficient Session Expiration
CVSS 9.8
CVE-2024-0944 LOW
Totolink T8 4.1.5cu.833_20220905 - Session Expiration
CVSS 3.7
CVE-2024-0943 LOW
Totolink N350RT 9.3.5u.6255 - Session Expiration
CVSS 3.7
CVE-2024-0942 LOW
Totolink N200RE V5 9.3.5u.6255_B20211224 - Session Expiration
CVSS 3.7
CVE-2024-22403 LOW
Nextcloud <28.0.0 - Info Disclosure
CVSS 3.0
CVE-2024-0350 LOW
Engineers Online Portal - Insufficient Session Expiration
CVSS 3.1
CVE-2024-0260 MEDIUM
Engineers Online Portal - Insufficient Session Expiration
CVSS 4.3
CVE-2023-49881 MEDIUM
IBM Transformation Extender Advanced - Insufficient Session Expiration
CVSS 6.3
CVE-2023-26288 MEDIUM
IBM Aspera Orchestrator 4.0.1 - Privilege Escalation
CVSS 5.5
CVE-2023-40695 MEDIUM
IBM Cognos Controller <11.0.0 - Privilege Escalation
CVSS 6.3
CVE-2023-45600 MEDIUM
Ailux Imx6 < 1.0.7-2 - Insufficient Session Expiration
CVSS 5.6
CVE-2023-50270 MEDIUM
Apache Dolphinscheduler < 3.2.1 - Insufficient Session Expiration
CVSS 6.5