CVE-2023-31140 OpenProject user sessions not terminated after activation of 2FA

OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication 2FA device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...

PT-2005-2716 · Bea · Weblogic Express +1

Name of the Vulnerable Software and Affected Versions: BEA WebLogic Server and WebLogic Express versions 7.0 through Service Pack 5 Description: The issue allows users to continue accessing an application without having to log in again after the application is redeployed. This may violate newly...