Common Weakness Enumeration

CWE-613

Allowed-with-Review

Insufficient Session Expiration

Abstraction: Base · Status: Incomplete

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

876 vulnerabilities reference this CWE, most recent first.

CVE-2022-3867 (GCVE-0-2022-3867)

Vulnerability from cvelistv5 – Published: 2022-11-10 05:45 – Updated: 2025-05-01 19:04
VLAI
Title
Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected
Summary
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
HashiCorp Nomad Affected: 1.4.0
Affected: 1.4.1
Create a notification for this product.
HashiCorp Nomad Enterprise Affected: 1.4.0
Affected: 1.4.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:20:58.806Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3867",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-01T19:03:58.553932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-01T19:04:09.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Nomad",
          "repo": "https://github.com/hashicorp/nomad",
          "vendor": "HashiCorp",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "status": "affected",
              "version": "1.4.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Nomad Enterprise",
          "vendor": "HashiCorp",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.0"
            },
            {
              "status": "affected",
              "version": "1.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2."
            }
          ],
          "value": "HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-10T05:45:53.550Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2022-3867",
    "datePublished": "2022-11-10T05:45:53.550Z",
    "dateReserved": "2022-11-04T22:54:20.822Z",
    "dateUpdated": "2025-05-01T19:04:09.365Z",
    "requesterUserId": "5311d85b-fc2e-473d-9ddd-71031e52448b",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3362 (GCVE-0-2022-3362)

Vulnerability from cvelistv5 – Published: 2022-11-14 00:00 – Updated: 2025-04-30 17:48
VLAI
Title
Insufficient Session Expiration in ikus060/rdiffweb
Summary
Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
ikus060 ikus060/rdiffweb Affected: unspecified , < 2.5.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:07:06.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/ca428c31-858d-47fa-adc9-2a59f8e8b2b1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ikus060/rdiffweb/commit/6efb995bc32c8a8e9ad755eb813dec991dffb2b8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3362",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T17:48:18.272596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T17:48:44.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ikus060/rdiffweb",
          "vendor": "ikus060",
          "versions": [
            {
              "lessThan": "2.5.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-14T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/ca428c31-858d-47fa-adc9-2a59f8e8b2b1"
        },
        {
          "url": "https://github.com/ikus060/rdiffweb/commit/6efb995bc32c8a8e9ad755eb813dec991dffb2b8"
        }
      ],
      "source": {
        "advisory": "ca428c31-858d-47fa-adc9-2a59f8e8b2b1",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in ikus060/rdiffweb"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-3362",
    "datePublished": "2022-11-14T00:00:00.000Z",
    "dateReserved": "2022-09-29T00:00:00.000Z",
    "dateUpdated": "2025-04-30T17:48:44.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2888 (GCVE-0-2022-2888)

Vulnerability from cvelistv5 – Published: 2022-09-21 11:25 – Updated: 2025-05-28 15:22
VLAI
Title
Insufficient Session Expiration in octoprint/octoprint
Summary
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
octoprint octoprint/octoprint Affected: unspecified , < 1.8.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:59.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2888",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T15:22:05.235332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T15:22:09.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "octoprint/octoprint",
          "vendor": "octoprint",
          "versions": [
            {
              "lessThan": "1.8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "If an attacker comes into the possession of a victim\u0027s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim\u0027s account exists."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-21T11:25:08.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
        }
      ],
      "source": {
        "advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in octoprint/octoprint",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2888",
          "STATE": "PUBLIC",
          "TITLE": "Insufficient Session Expiration in octoprint/octoprint"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "octoprint/octoprint",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.8.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "octoprint"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an attacker comes into the possession of a victim\u0027s OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim\u0027s account exists."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613 Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"
            },
            {
              "name": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4",
              "refsource": "MISC",
              "url": "https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"
            }
          ]
        },
        "source": {
          "advisory": "d27d232b-2578-4b32-b3b4-74aabdadf629",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2888",
    "datePublished": "2022-09-21T11:25:08.000Z",
    "dateReserved": "2022-08-18T00:00:00.000Z",
    "dateUpdated": "2025-05-28T15:22:09.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2713 (GCVE-0-2022-2713)

Vulnerability from cvelistv5 – Published: 2022-08-08 14:30 – Updated: 2026-03-27 19:44
VLAI
Title
Insufficient Session Expiration in cockpit-hq/cockpit
Summary
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
cockpit-hq cockpit-hq/cockpit Affected: unspecified , < 2.2.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:03.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2713",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T19:44:04.654214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T19:44:14.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cockpit-hq/cockpit",
          "vendor": "cockpit-hq",
          "versions": [
            {
              "lessThan": "2.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-08T14:30:13.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b"
        }
      ],
      "source": {
        "advisory": "3080fc96-75d7-4868-84de-9fc8c9b90290",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in cockpit-hq/cockpit",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2713",
          "STATE": "PUBLIC",
          "TITLE": "Insufficient Session Expiration in cockpit-hq/cockpit"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "cockpit-hq/cockpit",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "cockpit-hq"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613 Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290"
            },
            {
              "name": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b",
              "refsource": "MISC",
              "url": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b"
            }
          ]
        },
        "source": {
          "advisory": "3080fc96-75d7-4868-84de-9fc8c9b90290",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2713",
    "datePublished": "2022-08-08T14:30:13.000Z",
    "dateReserved": "2022-08-08T00:00:00.000Z",
    "dateUpdated": "2026-03-27T19:44:14.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-2306 (GCVE-0-2022-2306)

Vulnerability from cvelistv5 – Published: 2022-07-05 08:30 – Updated: 2024-08-03 00:32
VLAI
Title
Insufficient Session Expiration in heroiclabs/nakama
Summary
Old session tokens can be used to authenticate to the application and send authenticated requests.
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
heroiclabs heroiclabs/nakama Affected: unspecified , < 3.13.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "heroiclabs/nakama",
          "vendor": "heroiclabs",
          "versions": [
            {
              "lessThan": "3.13.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Old session tokens can be used to authenticate to the application and send authenticated requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-05T08:30:11.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166"
        }
      ],
      "source": {
        "advisory": "35acf263-6db4-4310-ab27-4c3c3a53f796",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in heroiclabs/nakama",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2306",
          "STATE": "PUBLIC",
          "TITLE": "Insufficient Session Expiration in heroiclabs/nakama"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "heroiclabs/nakama",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.13.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "heroiclabs"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Old session tokens can be used to authenticate to the application and send authenticated requests."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613 Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796"
            },
            {
              "name": "https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166",
              "refsource": "MISC",
              "url": "https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166"
            }
          ]
        },
        "source": {
          "advisory": "35acf263-6db4-4310-ab27-4c3c3a53f796",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2306",
    "datePublished": "2022-07-05T08:30:11.000Z",
    "dateReserved": "2022-07-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:32:09.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2064 (GCVE-0-2022-2064)

Vulnerability from cvelistv5 – Published: 2022-06-13 11:45 – Updated: 2024-08-03 00:24
VLAI
Title
Insufficient Session Expiration in nocodb/nocodb
Summary
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
nocodb nocodb/nocodb Affected: unspecified , < 0.91.7+ (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nocodb/nocodb",
          "vendor": "nocodb",
          "versions": [
            {
              "lessThan": "0.91.7+",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-13T11:45:15.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b"
        }
      ],
      "source": {
        "advisory": "39523d51-fc5c-48b8-a082-171da79761bb",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in nocodb/nocodb",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-2064",
          "STATE": "PUBLIC",
          "TITLE": "Insufficient Session Expiration in nocodb/nocodb"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "nocodb/nocodb",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.91.7+"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "nocodb"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613 Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb"
            },
            {
              "name": "https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b",
              "refsource": "MISC",
              "url": "https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b"
            }
          ]
        },
        "source": {
          "advisory": "39523d51-fc5c-48b8-a082-171da79761bb",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2064",
    "datePublished": "2022-06-13T11:45:15.000Z",
    "dateReserved": "2022-06-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0991 (GCVE-0-2022-0991)

Vulnerability from cvelistv5 – Published: 2022-03-19 07:35 – Updated: 2024-08-02 23:47
VLAI
Title
Insufficient Session Expiration in admidio/admidio
Summary
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
admidio admidio/admidio Affected: unspecified , < 4.1.9 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1c406a4e-15d0-4920-8495-731c48473ba4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "admidio/admidio",
          "vendor": "admidio",
          "versions": [
            {
              "lessThan": "4.1.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-19T07:35:09.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/1c406a4e-15d0-4920-8495-731c48473ba4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a"
        }
      ],
      "source": {
        "advisory": "1c406a4e-15d0-4920-8495-731c48473ba4",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in admidio/admidio",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0991",
          "STATE": "PUBLIC",
          "TITLE": "Insufficient Session Expiration in admidio/admidio"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "admidio/admidio",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "admidio"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613 Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/1c406a4e-15d0-4920-8495-731c48473ba4",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/1c406a4e-15d0-4920-8495-731c48473ba4"
            },
            {
              "name": "https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a",
              "refsource": "MISC",
              "url": "https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a"
            }
          ]
        },
        "source": {
          "advisory": "1c406a4e-15d0-4920-8495-731c48473ba4",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0991",
    "datePublished": "2022-03-19T07:35:09.000Z",
    "dateReserved": "2022-03-15T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:47:42.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-47740 (GCVE-0-2021-47740)

Vulnerability from cvelistv5 – Published: 2025-12-31 18:40 – Updated: 2026-01-02 20:42
VLAI
Title
KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
Summary
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
KZ Broadband Technologies, Ltd. JT3500V Affected: 2.0.1B1064
Affected: 2.0.1B1047
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM6200M Affected: 2.0.0B3210
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM6000N Affected: 2.0.0B3042
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM5000W Affected: 2.0.0B3037
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM4200M Affected: 2.0.0B2996
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM4100V Affected: 2.0.0B2988
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM3500MW Affected: 2.0.0B1092
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM3410V Affected: 2.0.0B1085
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM3300V Affected: 2.0.0B1060
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM3100E Affected: 2.0.0B981
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM3100V Affected: 2.0.0B946
Create a notification for this product.
KZ Broadband Technologies, Ltd. AM3000M Affected: 2.0.0B21
Create a notification for this product.
KZ Broadband Technologies, Ltd. KZ7621U Affected: 2.0.0B14
Create a notification for this product.
KZ Broadband Technologies, Ltd. KZ3220M Affected: 2.0.0B04
Create a notification for this product.
KZ Broadband Technologies, Ltd. KZ3120R Affected: 2.0.0B01
Create a notification for this product.
Date Public
2021-03-18 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47740",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-02T20:42:28.575250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-02T20:42:41.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JT3500V",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.1B1064"
            },
            {
              "status": "affected",
              "version": "2.0.1B1047"
            }
          ]
        },
        {
          "product": "AM6200M",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B3210"
            }
          ]
        },
        {
          "product": "AM6000N",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B3042"
            }
          ]
        },
        {
          "product": "AM5000W",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B3037"
            }
          ]
        },
        {
          "product": "AM4200M",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B2996"
            }
          ]
        },
        {
          "product": "AM4100V",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B2988"
            }
          ]
        },
        {
          "product": "AM3500MW",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B1092"
            }
          ]
        },
        {
          "product": "AM3410V",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B1085"
            }
          ]
        },
        {
          "product": "AM3300V",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B1060"
            }
          ]
        },
        {
          "product": "AM3100E",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B981"
            }
          ]
        },
        {
          "product": "AM3100V",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B946"
            }
          ]
        },
        {
          "product": "AM3000M",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B21"
            }
          ]
        },
        {
          "product": "KZ7621U",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B14"
            }
          ]
        },
        {
          "product": "KZ3220M",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B04"
            }
          ]
        },
        {
          "product": "KZ3120R",
          "vendor": "KZ Broadband Technologies, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0B01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2021-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-31T18:40:53.590Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Zero Science Lab Disclosure (ZSL-2021-5646)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5646.php"
        },
        {
          "name": "Packet Storm Security Exploit Entry",
          "tags": [
            "exploit"
          ],
          "url": "https://packetstormsecurity.com/files/161892/"
        },
        {
          "name": "IBM X-Force Vulnerability Exchange Entry",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198471"
        },
        {
          "name": "KZ TECH Vendor Homepage",
          "tags": [
            "product"
          ],
          "url": "http://www.kzbtech.com/"
        },
        {
          "name": "JATON TEC Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.jatontech.com/"
        },
        {
          "name": "Neotel Vendor Homepage",
          "tags": [
            "product"
          ],
          "url": "https://neotel.mk/"
        },
        {
          "name": "VulnCheck Advisory: KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/kztech-jtv-g-lte-cpe-insufficient-session-expiration-vulnerability"
        }
      ],
      "title": "KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-47740",
    "datePublished": "2025-12-31T18:40:53.590Z",
    "dateReserved": "2025-12-23T13:24:04.581Z",
    "dateUpdated": "2026-01-02T20:42:41.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47663 (GCVE-0-2021-47663)

Vulnerability from cvelistv5 – Published: 2025-04-24 09:25 – Updated: 2025-04-24 15:22
VLAI
Title
Improper session handling
Summary
Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
Franka Robotics Franka Emika Robot Affected: 0.0.0 , ≤ 4.0.3 (semver)
Create a notification for this product.
Credits
Siegfried Hollerer by TU Wien
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47663",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T13:46:29.228655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T15:22:23.071Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Franka Emika Robot",
          "vendor": "Franka Robotics",
          "versions": [
            {
              "lessThanOrEqual": "4.0.3",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Siegfried Hollerer by TU Wien"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Due to improper\u0026nbsp;JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access."
            }
          ],
          "value": "Due to improper\u00a0JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T09:25:23.807Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://www.sciencedirect.com/science/article/pii/S2351978921001657"
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#641761"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Improper session handling",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-47663",
    "datePublished": "2025-04-24T09:25:23.807Z",
    "dateReserved": "2025-03-17T08:25:16.736Z",
    "dateUpdated": "2025-04-24T15:22:23.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46279 (GCVE-0-2021-46279)

Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-05-07 13:43
VLAI
Title
Session Fixation and Insufficient Session Expiration
Summary
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-384 - Session Fixation
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
Lanner Inc IAC-AST2500A Affected: 1.10.0
Create a notification for this product.
Credits
Andrea Palanca of Nozomi Networks found this bug during a security research activity.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:02:11.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-46279/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46279",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T13:40:03.764652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T13:43:25.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IAC-AST2500A",
          "vendor": "Lanner Inc",
          "versions": [
            {
              "status": "affected",
              "version": "1.10.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "CWE-384 Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-01T00:00:00.000Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
        },
        {
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-46279/"
        }
      ],
      "source": {
        "advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-46279/",
        "discovery": "EXTERNAL"
      },
      "title": "Session Fixation and Insufficient Session Expiration",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2021-46279",
    "datePublished": "2022-10-24T00:00:00.000Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-05-07T13:43:25.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

Set sessions/credentials expiration date.

No CAPEC attack patterns related to this CWE.