CVE-2021-3740

MEDIUM Year: 2021
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.

Related Vulnerabilities

CVE-2018-1492

MEDIUM
CVSS:6.8(Medium)

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: ...

CWE-3842018

CVE-2022-3916

MEDIUM
CVSS:6.8(Medium)

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and ...

CWE-3842022

CVE-2023-3394

MEDIUM
CVSS:6.8(Medium)

Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.

CWE-3842023

CVE-2024-42170

MEDIUM
CVSS:6.8(Medium)

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.

CWE-3842024

CVE-2025-26658

MEDIUM
CVSS:6.8(Medium)

The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper sess...

CWE-3842025

CVE-2016-6043

HIGH
CVSS:7.0(High)

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

CWE-3842016