CVE-2023-40732

LOW Year: 2023
CVSS v3 Score
3.9
Low
Weakness Type
CWE-613
View all →

Vulnerability Description

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.

Related Vulnerabilities

CVE-2024-4680

LOW
CVSS:3.9(Low)

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire afte...

CWE-6132024

CVE-2020-4995

MEDIUM
CVSS:4.0(Medium)

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 1...

CWE-6132020

CVE-2020-6197

LOW
CVSS:3.8(Low)

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download t...

CWE-6132020

CVE-2021-29868

MEDIUM
CVSS:4.0(Medium)

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.

CWE-6132021

CVE-2023-4005

LOW
CVSS:3.8(Low)

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.

CWE-6132023

CVE-2019-3867

MEDIUM
CVSS:4.1(Medium)

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's cont...

CWE-6132019