Lucene search
K

216 matches found

Vulnrichment
Vulnrichment
added 2023/12/25 12:0 a.m.12 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

6.8AI score0.00515EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2023/12/13 12:0 a.m.398 views

One Identity Password Manager Kiosk Escape Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...

7.4AI score0.01013EPSS
Exploits1
Citrix
Citrix
added 2023/09/12 12:0 a.m.44 views

Users receive error "Try again after some time or contact your help desk" at login

While accessing ADC Gateway or Authentication page, in certain conditions users received one of these two errors: "Try again after some time or contact your help desk". "Malformed assertion sent to Netscaler" Users redirected to Login page. To validate this is the cause, you can check ADC syslogs...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/18 12:0 a.m.3 views

PT-2023-27306 · Unknown · Social Media Skeleton

Name of the Vulnerable Software and Affected Versions: Social media skeleton versions prior to 1.0.5 Description: Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This issue...

9.8CVSS9.4AI score0.00434EPSS
Exploits0References7
Huntr
Huntr
added 2023/08/15 6:29 a.m.10 views

Insufficient Session Expiration

Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This can allow an attacker to hijack the user's session and gain unauthorized access to the application. The web application m...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/04/16 2:15 a.m.1 views

DEBIAN-CVE-2022-37186

In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...

5.9CVSS5.9AI score0.00725EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.5 views

SUSE CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

6.9CVSS6.9AI score0.00382EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.3 views

SUSE CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

3.6CVSS6.7AI score0.00282EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/28 12:0 a.m.2 views

PT-2023-13521 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.0.15 Description: The issue occurs when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically, resulting in some sessions not bein...

7.5CVSS7.8AI score0.00725EPSS
Exploits2References21
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 11:13 p.m.20 views

Security Bulletin: IBM Sterling Connect:Direct Browser user interface has multiple vulnerabilities (CVE-2013-0527 and CVE-2013-0529)

Abstract IBM Sterling Connect:Direct Browser is vulnerable to two information disclosure attacks. Content VULNERABILITY DETAILS: CVE ID : CVE-2013-0527 DESCRIPTION: IBM Sterling Connect:Direct Browser is vulnerable to unauthorized information disclosure as a result of C:D Browser pages being left...

5CVSS5.2AI score0.01354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 1:52 p.m.42 views

Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)

Summary IBM Cúram Social Program Management is affected by session timeout issues. For these vulnerabilities some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details...

9.8CVSS1.7AI score0.00475EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/22 12:0 a.m.6 views

PT-2021-9120 · Rapid7 · Rapid7 Nexpose

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions prior to 6.6.114 Description: The issue allows an attacker to expose information when a user's session has ended due to inactivity. By using the inspect element browser feature, an attacker can remove the login panel a...

5.3CVSS7AI score0.00522EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2021/10/28 9:10 p.m.56 views

CVE-2021-20324

A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation This attack is...

4.2CVSS1.5AI score
Exploits0References1
Citrix
Citrix
added 2021/08/06 12:0 a.m.7 views

Gateway session time out not working as expected

Gateway time session out configured in the session profile doesn't work as expected...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2021/05/14 12:0 a.m.22 views

Elastic Kibana Timeout Bypass Vulnerability (ESA-2021-07)

Kibana is prone to a timeout bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...

3.6CVSS5AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2021/05/13 6:15 p.m.35 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

3.6CVSS0.00282EPSS
Exploits0References1
OSV
OSV
added 2021/05/13 6:15 p.m.16 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

3.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2021/05/13 6:15 p.m.21 views

Design/Logic Flaw

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

3.6CVSS3.9AI score0.00282EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/05/13 5:35 p.m.91 views

CVE-2021-22136

Summary of CVE-2021-22136 : A timeout-bypass vulnerability in Kibana affects versions before 7.12.0 and 6.8.15 where the xpack.security.session.idleTimeout is not respected due to background polling, allowing sessions to outlive intended timeouts. Reported in the NVD/NVD-derived entry for Kibana,...

3.6CVSS3.8AI score0.00282EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/13 5:35 p.m.42 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

4.1AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder