VYPR

CWE-384

Session Fixation

Compound · Incomplete

Description

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-196 · CAPEC-21 · CAPEC-31 · CAPEC-39 · CAPEC-59 · CAPEC-60 · CAPEC-61

CVEs mapped to this weakness (205)

page 6 of 11
  • CVE-2023-30307 · Med · May 28, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2025-64100 · Med · Oct 29, 2025
    risk 0.33 · cvss 6.1 · epss 0.00

    CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The…

  • CVE-2016-6040 · Med · Feb 1, 2017
    risk 0.33 · cvss 5.0 · epss 0.01

    IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.

  • CVE-2025-12390 · Med · Oct 28, 2025
    risk 0.32 · cvss 6.0 · epss 0.00

    A flaw was found in Keycloak. In Keycloak, a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn't clean up properly during logout when browser…

  • CVE-2026-33384 · Med · May 29, 2026
    risk 0.31 · cvss n/a · epss 0.00

    QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in…

  • CVE-2026-33946 · Med · Mar 27, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack…

  • CVE-2025-70973 · Med · Mar 9, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once…

  • CVE-2018-1000602 · Med · Jun 26, 2018
    risk 0.31 · cvss 5.9 · epss 0.01

    A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

  • CVE-2017-10890 · Med · Nov 17, 2017
    risk 0.30 · cvss 4.6 · epss 0.00

    Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows…

  • CVE-2026-53900 · Med · Jun 16, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0.

  • CVE-2024-2639 · Med · Mar 19, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixation. The attack can be launched remotely. The…

  • CVE-2017-1368 · Med · Aug 6, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user…

  • CVE-2018-1492 · Med · Jul 10, 2018
    risk 0.28 · cvss 4.3 · epss 0.00

    IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.

  • CVE-2017-1152 · Med · Apr 14, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.

  • CVE-2026-41839 · Med · Jun 9, 2026
    risk 0.27 · cvss 4.2 · epss 0.00

    A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0…

  • CVE-2025-4644 · Med · Aug 29, 2025
    risk 0.27 · cvss n/a · epss 0.00

    A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the…

  • CVE-2017-0892 · Low · May 8, 2017
    risk 0.23 · cvss 3.5 · epss 0.01

    Nextcloud Server before 11.0.3 is vulnerable to improper session handling that allowed an application-specific password without file-access permission to access the user's files.

  • CVE-2018-11567 · Low · May 30, 2018
    risk 0.22 · cvss 3.3 · epss 0.01

    Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input;…

  • CVE-2025-43516 · Low · Dec 12, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user's activity.

  • CVE-2017-1270 · Low · Dec 20, 2017
    risk 0.21 · cvss 3.3 · epss 0.00

    IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.