212 matches found

Cvelist
added 2020/04/22 1:52 p.m. | 18 views

CVE-2020-11795

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly...

8.1 AI score | 0.00003 EPSS
Exploits: 0 | References: 1

Symantec
added 2020/04/09 9:15 p.m. | 34 views

CSRF Token Information Disclosure in MC

Summary: The Management Center (MC) web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...

4.3 CVSS | 0.9 AI score | 0.00228 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/03/23 8:41 p.m. | 18 views

Security Bulletin: IBM Integration Bus is affected by WebAdmin Session Timeout vulnerability (CVE-2017-1693)

Summary: IBM Integration Bus has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2017-1693. DESCRIPTION: IBM Integration Bus could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out...

6.8 CVSS | 0.7 AI score | 0.00294 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2020/02/07 4:15 p.m. | 0 views

UBUNTU-CVE-2020-1768

The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions...

5.4 CVSS | 6 AI score | 0.00313 EPSS
Exploits: 0 | References: 4

Qualys Blog
added 2019/06/27 2:24 p.m. | 402 views

Qualys Cloud Platform (VM, PC) 8.20 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.20, includes several new features in Qualys Cloud Platform and additional support for multiple technologies in Qualys Policy Compliance. Feature Highlights Qualys Cloud Platform Configure Password Expiration Notification – Now users...

Exploits: 0

OpenVAS
added 2019/06/03 12:0 a.m. | 161 views

Pydio Core <= 8.2.2 Information Disclosure Vulnerability - Active Check

Pydio Core is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pydio:pydio";...

5.3 CVSS | 5.1 AI score | 0.00446 EPSS
Exploits: 3 | References: 1

NVD
added 2019/05/31 10:29 p.m. | 14 views

CVE-2019-10046

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...

5.3 CVSS | 5.3 AI score | 0.00446 EPSS
Exploits: 3 | References: 1

Prion
added 2019/05/31 10:29 p.m. | 14 views

Information disclosure

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...

5 CVSS | 5.3 AI score | 0.00446 EPSS
Exploits: 3 | References: 1 | Affected Software: 1

Cvelist
added 2019/05/31 9:11 p.m. | 18 views

CVE-2019-10046

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...

5.3 AI score | 0.00446 EPSS
Exploits: 3 | References: 1

CVE
added 2019/05/31 9:11 p.m. | 256 views

CVE-2019-10046

CVE-2019-10046 affects Pydio 8.2.2 and is an information-disclosure vulnerability where an unauthenticated attacker can obtain details about the application configuration (e.g., session timeout, libraries, license information). Public sources (NVD, RH Red Hat advisory, OpenVAS entry) describe it ...

5.3 CVSS | 5.2 AI score | 0.00446 EPSS
Exploits: 3 | References: 1 | Affected Software: 1

Cvelist
added 2019/05/22 6:11 p.m. | 12 views

CVE-2019-5626 BlueCats Reveal Android App Insecure Storage

The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats networ...

2.8 CVSS | 7.6 AI score | 0.00058 EPSS
Exploits: 1 | References: 2

0day.today
added 2018/10/23 12:0 a.m. | 26 views

Traq 3.7.1 CSRF / XSS / SQL Injection Vulnerabilities

Exploit for php platform in category web applications. Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers...

0.1 AI score
Exploits: 0

Packet Storm
added 2018/10/22 12:0 a.m. | 25 views

Traq 3.7.1 CSRF / XSS / SQL Injection

Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers [email protected] twitter.com/matthewjland...

0.5 AI score
Exploits: 0

Citrix
added 2018/06/14 12:0 a.m. | 7 views

Error: "Cannot Complete Your Request" Due to Incorrect Session Timeout Settings on StoreFront

The following error is displayed due to incorrect session time out settings on StoreFront: Cannot Complete Your Request...

7.1 AI score
Exploits: 0

Cisco
added 2018/03/16 4:0 p.m. | 75 views

Cisco Umbrella Dashboard Session Expiration Issue

Cisco Umbrella uses the internet infrastructure to block connections to malicious destinations before any connections to those destinations can be established. Cisco Umbrella also provides visibility into internet activity across all devices and all ports, even when users are no longer connected ...

0.1 AI score
Exploits: 0 | References: 1

CNVD
added 2018/01/22 12:0 a.m. | 2 views

IBM Integration Bus Session Hijacking Vulnerability

IBM Integration Bus (formerly known as IBM WebSphere Message Broker) is an enterprise service bus (ESB) product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture (SOA) environments and non-SOA environments. A session hijacking vulnerability...

6.8 CVSS | 6.7 AI score | 0.00294 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2017/12/12 9:16 a.m. | 34 views

Low: Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update

An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager version 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

6.8 CVSS | 6.4 AI score | 0.00063 EPSS
Exploits: 1 | References: 8

RedHat Linux
added 2017/12/12 9:16 a.m. | 4 views

ovirt-engine: webadmin log out must logout all sessions

It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period...

6.8 CVSS | 6.4 AI score | 0.00063 EPSS
Exploits: 1 | References: 4

Citrix
added 2017/09/13 12:0 a.m. | 14 views

Users prompted for the message "Please close your browser to protect your account"

When using Storefront and SAML or smart card authentication, after the user logs off or the session times out, if the user tries to log back in an error is displayed. With Smartcard the error is You cannot log on using a smart card Please close your browser to protect your account SAML...

7 AI score
Exploits: 0

Citrix
added 2017/07/19 12:0 a.m. | 7 views

F5 with StoreFront session timeout closing active sessions

When the StoreFront session times out, it's closing active ICA sessions. We found the issue is only happening when authenticating via F5 frontend. When Authenticating via F5. After 20 minutes the Citrix Desktop and storefront session shuts down. After 17 minutes, a 3 mins countdown starts in the...

7.1 AI score
Exploits: 0