Security Bulletin: IBM Aspera Shares improved security for user session handling (CVE-2024-38315)

Summary IBM Aspera Shares has addressed a vulnerability related to user session handling. Vulnerability Details CVEID:CVE-2024-38315 DESCRIPTION: IBM Aspera Shares does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

Security Bulletin: IBM Aspera Shares improved security for user session handling (CVE-2023-38018)

Summary IBM Aspera Shares has addressed a vulnerability related to user session handling. Vulnerability Details CVEID:CVE-2023-38018 DESCRIPTION: IBM Aspera Shares does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system...

Security Bulletin: IBM Aspera Orchestrator improved security for user session handling (CVE-2023-26288, CVE-2023-38001)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to user session handling. Vulnerability Details CVEID:CVE-2023-38001 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized...

GHSA-XMGR-JFF3-FCFV TYPO3 Security Misconfiguration in User Session Handling

When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability...

Security Misconfiguration in User Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-011...

Security Misconfiguration in User Session Handling

When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability...