Lucene search
K

579 matches found

NVD
NVD
added 2020/06/19 8:15 p.m.15 views

CVE-2017-18905

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...

5.3CVSS0.00769EPSS
Exploits0References1
OSV
OSV
added 2020/06/19 8:15 p.m.18 views

CVE-2017-18905

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...

5.3CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2020/06/19 8:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...

5CVSS5.3AI score0.00769EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/06/19 7:17 p.m.47 views

CVE-2017-18905

Mattermost Server before 4.0.0, 3.10.2, and 3.9.2 has an issue where session invalidation is mishandled when the server is used as an OAuth 2.0 service provider. This is documented across multiple sources (NVD entry CVE-2017-18905 and vendor/OSV advisories), all describing the same vulnerability ...

5.3CVSS5.3AI score0.00769EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/06/08 12:0 a.m.1 views

IBM MobileFirst Foundation Licensing Issues Vulnerability

IBM MobileFirst Foundation is a suite of platforms for building and deploying next-generation digital applications from IBM in the United States. IBM MobileFirst Foundation suffers from an authorization issue vulnerability that arises from the program not properly invalidating a session cookie...

7.5CVSS6.8AI score0.0085EPSS
Exploits0References1
OSV
OSV
added 2020/03/24 4:15 p.m.4 views

CVE-2020-4253

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559...

8.8CVSS6.7AI score0.00902EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/03/24 3:20 p.m.13 views

CVE-2020-4253

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559...

6.3CVSS8.2AI score0.00902EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/07 3:42 p.m.26 views

CVE-2020-1768 External Interface does not invalidate session

The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions...

5.4CVSS5.4AI score0.00747EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/10/17 6:23 p.m.5 views

Hiro: Invalidate active sessions after password change

Vulnerability description not provided...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2019/08/21 4:31 a.m.17 views

Liberapay: Invalidate session after password reset

Website doesn't invalidate session after the password is reset which can enable attacker to continue using the compromised session. Steps: 1 Open same accounts in two different browsers 2 Change password in one browser and you will see that another browser still validate the session after passwor...

2.2AI score
Exploits0
Prion
Prion
added 2019/08/06 7:15 p.m.11 views

Authorization

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

6CVSS6.6AI score0.01225EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/08/06 6:32 p.m.316 views

CVE-2019-2386

CVE-2019-2386 affects MongoDB Server: after user deletions, improper invalidation of authorization sessions can allow a previously active session to persist and merge with new accounts if names are reused. Impact details in the sources indicate affected versions are MongoDB Server v4.0 before 4.0...

7.1CVSS6.9AI score0.01225EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/07/25 3:15 p.m.5 views

CVE-2019-4439

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...

5.3CVSS6.1AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2019/07/25 3:15 p.m.15 views

CVE-2019-4439

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...

5.9CVSS5.2AI score0.00287EPSS
Exploits0References2
Prion
Prion
added 2019/07/25 3:15 p.m.11 views

Design/Logic Flaw

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...

4.6CVSS5AI score0.00287EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/25 2:30 p.m.16 views

CVE-2019-4439

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...

5.9CVSS5AI score0.00287EPSS
Exploits0References2
CVE
CVE
added 2019/07/25 2:30 p.m.47 views

CVE-2019-4439

The CVE-2019-4439 issue affects IBM Cloud Private 3.1.0–3.1.2, where sessions are not invalidated after logout, enabling a local user to impersonate another user. Root cause: logout does not terminate the session. Impact is Local, with partial confidentiality, integrity, and availability concerns...

5.9CVSS5AI score0.00287EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/23 7:15 p.m.18 views

Security Bulletin: IBM Cloud Private - Session not invalidated on logout (CVE-2019-4439)

Summary IBM Cloud Private - Session not invalidated on logout CVE-2019-4439 Vulnerability Details CVEID: CVE-2019-4439 DESCRIPTION: IBM Cloud private does not invalidate session after logout which could allow a local user to impersonate another user on the system. CVSS Base Score: 5.9 CVSS Tempor...

5.9CVSS0.3AI score0.00287EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2019/05/02 5:42 a.m.20 views

Incorrect Session Invalidation

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...

6CVSS5.4AI score0.0243EPSS
Exploits1References17Affected Software181
Veracode
Veracode
added 2019/04/15 2:41 a.m.16 views

Incorrect Session Invalidation

Contao has done incorrect session invalidation. It does not perform correct session invalidation for existing sessions when users update their passwords in frontend or backend...

9.8CVSS9.2AI score0.01048EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder