CVE-2016-8638

CRITICAL Year: 2016
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

Related Vulnerabilities

CVE-2017-3968

CRITICAL
CVSS:9.1(Critical)

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers t...

CWE-3842017

CVE-2020-12258

CRITICAL
CVSS:9.1(Critical)

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerabi...

CWE-3842020

CVE-2020-8990

CRITICAL
CVSS:9.1(Critical)

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.

CWE-3842020

CVE-2020-9370

CRITICAL
CVSS:9.1(Critical)

HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.

CWE-3842020

CVE-2022-36437

CRITICAL
CVSS:9.1(Critical)

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connectio...

CWE-3842022

CVE-2023-52268

CRITICAL
CVSS:9.1(Critical)

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is...

CWE-3842023