209 matches found

SUSE CVE
added 2023/02/15 5:35 a.m. · 1 view

SUSE CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

CVSS 6.9 · AI score 6.9 · EPSS 0.00054
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:46 a.m. · 1 view

SUSE CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVSS 3.6 · AI score 6.7 · EPSS 0.00049
Exploits 0 · References 3

Positive Technologies
added 2023/01/28 12:00 a.m. · 1 view

PT-2023-13521 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.0.15 Description: The issue occurs when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically, resulting in some sessions not bein...

CVSS 7.5 · AI score 7.8 · EPSS 0.00449
Exploits 2 · References 21

IBM Security Bulletins
added 2022/09/25 11:13 p.m. · 19 views

Security Bulletin: IBM Sterling Connect:Direct Browser user interface has multiple vulnerabilities (CVE-2013-0527 and CVE-2013-0529)

Abstract IBM Sterling Connect:Direct Browser is vulnerable to two information disclosure attacks. Content VULNERABILITY DETAILS: CVE ID : CVE-2013-0527 DESCRIPTION: IBM Sterling Connect:Direct Browser is vulnerable to unauthorized information disclosure as a result of C:D Browser pages being left...

CVSS 5 · AI score 5.2 · EPSS 0.00234
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2022/06/17 1:52 p.m. · 41 views

Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)

Summary IBM Cúram Social Program Management is affected by session timeout issues. For these vulnerabilities some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details...

CVSS 9.8 · AI score 1.7 · EPSS 0.00113
Exploits 0 · Affected Software 1

Positive Technologies
added 2021/11/22 12:00 a.m. · 2 views

PT-2021-9120 · Rapid7 · Rapid7 Nexpose

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions prior to 6.6.114 Description: The issue allows an attacker to expose information when a user's session has ended due to inactivity. By using the inspect element browser feature, an attacker can remove the login panel a...

CVSS 5.3 · AI score 7 · EPSS 0.00171
Exploits 0 · References 6

RedhatCVE
added 2021/10/28 9:10 p.m. · 52 views

CVE-2021-20324

A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation This attack is...

CVSS 4.2 · AI score 1.5
Exploits 0 · References 1

Citrix
added 2021/08/06 12:00 a.m. · 5 views

Gateway session time out not working as expected

Gateway time session out configured in the session profile doesn't work as expected...

AI score 7.1
Exploits 0

OpenVAS
added 2021/05/14 12:00 a.m. · 21 views

Elastic Kibana Timeout Bypass Vulnerability (ESA-2021-07)

Kibana is prone to a timeout bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:elastic:kibana"; if(description)...

CVSS 3.6 · AI score 5 · EPSS 0.00049
Exploits 0 · References 1

NVD
added 2021/05/13 6:15 p.m. · 14 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVSS 3.6 · EPSS 0.00049
Exploits 0 · References 1

OSV
added 2021/05/13 6:15 p.m. · 14 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVSS 3.5 · AI score 6.8
Exploits 0 · References 1

Prion
added 2021/05/13 6:15 p.m. · 19 views

Design/Logic Flaw

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVSS 3.6 · AI score 3.9 · EPSS 0.00049
Exploits 0 · References 1 · Affected Software 1

CVE
added 2021/05/13 5:35 p.m. · 86 views

CVE-2021-22136

Summary of CVE-2021-22136 : A timeout-bypass vulnerability in Kibana affects versions before 7.12.0 and 6.8.15 where the xpack.security.session.idleTimeout is not respected due to background polling, allowing sessions to outlive intended timeouts. Reported in the NVD/NVD-derived entry for Kibana,...

CVSS 3.6 · AI score 3.8 · EPSS 0.00049
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/05/13 5:35 p.m. · 20 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

AI score 4.1 · EPSS 0.00049
Exploits 0 · References 1

CNNVD
added 2021/05/13 12:00 a.m. · 1 view

Elastic Stack Kibana Code Issue Vulnerability

Elastic Stack Kibana is an application from the American company Elastic Stack. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through Elastic Stack. A security vulnerability exists in Kibana prior to versions 7.12.0 and 6.8.15. The...

CVSS 3.6 · AI score 5.1 · EPSS 0.00049
Exploits 0 · References 1

RedhatCVE
added 2021/03/25 3:23 p.m. · 26 views

CVE-2021-22136

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...

CVSS 4 · AI score 3.4 · EPSS 0.00049
Exploits 0 · References 4

OSV
added 2021/02/04 7:15 a.m. · 0 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

CVSS 6.5 · AI score 6.6 · EPSS 0.00186
Exploits 0 · References 1

NVD
added 2021/02/04 7:15 a.m. · 9 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

CVSS 6.5 · EPSS 0.00186
Exploits 0 · References 1

Prion
added 2021/02/04 7:15 a.m. · 8 views

Design/Logic Flaw

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

CVSS 6.4 · AI score 6.4 · EPSS 0.00186
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/02/04 6:43 a.m. · 11 views

CVE-2020-14247

HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID...

AI score 6.5 · EPSS 0.00186
Exploits 0 · References 1