CWE-384 (会话固定) — Vulnerability Class 145

145 vulnerabilities classified as CWE-384 (会话固定). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-0251	HCL IEM is affected by a concurrent login vulnerability — IEM	2.6	Low	2025-07-25
CVE-2025-36117	IBM Db2 Mirror for i session fixation — Db2 Mirror for i	6.3	Medium	2025-07-23
CVE-2025-52689	Weak Session ID Check in the OmniAccess Stellar Web Management Interface — OmniAccess Stellar Products	9.8	Critical	2025-07-16
CVE-2025-53021	Moodle 授权问题漏洞 — Moodle	4.2	Medium	2025-06-24
CVE-2024-13967	ession-Management Failure — EIBPORT V3 KNX	8.8	High	2025-06-04
CVE-2024-49709	XSS in iKSORIS — iKSORIS	8.8^AI	High^AI	2025-04-14
CVE-2025-0126	PAN-OS: Session Fixation Vulnerability in GlobalProtect SAML Login — Cloud NGFW	8.8^AI	High^AI	2025-04-11
CVE-2025-29928	authentik's deletion of sessions did not revoke sessions when using database session storage — authentik	8.0	High	2025-03-28
CVE-2025-26658	Broken Authentication in SAP Business One (Service Layer) — SAP Business One (Service Layer)	6.8	Medium	2025-03-11
CVE-2025-1412	Session Persistence After User-to-Bot Conversion — Mattermost	3.1	Low	2025-02-24
CVE-2024-49344	IBM OpenPages session fixation — OpenPages with Watson	4.3	Medium	2025-02-20
CVE-2024-42207	HCL iAutomate is affected by a session fixation vulnerability — iAutomate	5.5	Medium	2025-02-05
CVE-2024-42171	HCL MyXalytics is affected by insufficient session expiration — DRYiCE MyXalytics	6.4	Medium	2025-01-11
CVE-2024-42170	HCL MyXalytics is affected by a session fixation vulnerability — DRYiCE MyXalytics	6.8	Medium	2025-01-11
CVE-2024-13279	Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043 — Two-factor Authentication (TFA)	7.1	-	2025-01-09
CVE-2024-56733	Password Pusher Allows Session Token Interception Leading to Potential Hijacking — PasswordPusher	5.7	Medium	2024-12-30
CVE-2024-28144	Broken Access Control — Scan2Net	9.8	-	2024-12-12
CVE-2024-11317	PHP Session Fixation — ASPECT-Enterprise	10.0	Critical	2024-12-05
CVE-2021-3740	Session Fixation in chatwoot/chatwoot — chatwoot/chatwoot	7.1^AI	High^AI	2024-11-15
CVE-2023-50176	Fortinet FortiOS 授权问题漏洞 — FortiOS	7.1	High	2024-11-12
CVE-2024-10318	NGINX OpenID Connect Vulnerability — NGINX OpenID Connect	5.4	Medium	2024-11-06
CVE-2024-23590	Apache Kylin: Session fixation in web interface — Apache Kylin	9.8^AI	Critical^AI	2024-11-04
CVE-2024-48929	Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out — Umbraco-CMS	4.2	Medium	2024-10-22
CVE-2024-10158	PHPGurukul Boat Booking System session_start session fixiation — Boat Booking System	4.3	Medium	2024-10-19
CVE-2024-8643	Session Hijacking in Oceanic Software's ValeApp — ValeApp	8.8^AI	High^AI	2024-09-27
CVE-2024-45368	AutomationDirect DirectLogic H2-DM1E Session Fixation — DirectLogic H2-DM1E	8.8	High	2024-09-13
CVE-2024-42345	Siemens SINEMA Remote Connect Server 授权问题漏洞 — SINEMA Remote Connect Server	4.3	Medium	2024-09-10
CVE-2024-7341	Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters	7.1	High	2024-09-09
CVE-2023-38018	IBM Aspera Shares session fixation — Aspera Shares	6.3	Medium	2024-08-09
CVE-2024-38513	Fiber Session Middleware Token Injection Vulnerability — fiber	10.0	Critical	2024-07-01

Vulnerabilities classified as CWE-384 (会话固定) represent 145 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Support Us — Your donation helps us keep running

CWE-384 (会话固定) — Vulnerability Class 145