579 matches found
CVE-2017-18905
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...
CVE-2017-18905
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...
CVE-2017-18905
Mattermost Server before 4.0.0, 3.10.2, and 3.9.2 has an issue where session invalidation is mishandled when the server is used as an OAuth 2.0 service provider. This is documented across multiple sources (NVD entry CVE-2017-18905 and vendor/OSV advisories), all describing the same vulnerability ...
IBM MobileFirst Foundation Licensing Issues Vulnerability
IBM MobileFirst Foundation is a suite of platforms for building and deploying next-generation digital applications from IBM in the United States. IBM MobileFirst Foundation suffers from an authorization issue vulnerability that arises from the program not properly invalidating a session cookie...
CVE-2020-4253
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559...
CVE-2020-4253
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559...
CVE-2020-1768 External Interface does not invalidate session
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions...
Hiro: Invalidate active sessions after password change
Vulnerability description not provided...
Liberapay: Invalidate session after password reset
Website doesn't invalidate session after the password is reset which can enable attacker to continue using the compromised session. Steps: 1 Open same accounts in two different browsers 2 Change password in one browser and you will see that another browser still validate the session after passwor...
Authorization
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...
CVE-2019-2386
CVE-2019-2386 affects MongoDB Server: after user deletions, improper invalidation of authorization sessions can allow a previously active session to persist and merge with new accounts if names are reused. Impact details in the sources indicate affected versions are MongoDB Server v4.0 before 4.0...
CVE-2019-4439
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...
CVE-2019-4439
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...
Design/Logic Flaw
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...
CVE-2019-4439
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...
CVE-2019-4439
The CVE-2019-4439 issue affects IBM Cloud Private 3.1.0–3.1.2, where sessions are not invalidated after logout, enabling a local user to impersonate another user. Root cause: logout does not terminate the session. Impact is Local, with partial confidentiality, integrity, and availability concerns...
Security Bulletin: IBM Cloud Private - Session not invalidated on logout (CVE-2019-4439)
Summary IBM Cloud Private - Session not invalidated on logout CVE-2019-4439 Vulnerability Details CVEID: CVE-2019-4439 DESCRIPTION: IBM Cloud private does not invalidate session after logout which could allow a local user to impersonate another user on the system. CVSS Base Score: 5.9 CVSS Tempor...
Incorrect Session Invalidation
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...
Incorrect Session Invalidation
Contao has done incorrect session invalidation. It does not perform correct session invalidation for existing sessions when users update their passwords in frontend or backend...