• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-384

CVE-2018-15208

February 26, 2023 by

BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.

CVE-2018-1492

February 26, 2023 by

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server’s failure to properly log out from the previous session. IBM X-Force ID: 140977.

CVE-2018-1484

February 26, 2023 by

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969.

CVE-2018-1485

February 26, 2023 by

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 140970.

CVE-2018-1480

February 26, 2023 by

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the ‘HttpOnly’ attribute on authorization tokens or session cookies. If a Cross-Site Scripting vulnerability also existed attackers may be able to get the cookie values via malicious JavaScript and then hijack the user session. IBM X-Force ID: 140762.

CVE-2018-14387

February 26, 2023 by

An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user’s account through the active session. The Session Fixation attack fixes a session on the victim’s browser, so the attack starts before the user logs in.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 3
  • Go to page 4
  • Go to page 5
  • Go to page 6
  • Go to page 7
  • Interim pages omitted …
  • Go to page 31
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE