CVE-2024-23590

Severity: Critical
Year: 2024
CVSS v3 Score: 9.1 (Critical)

Vulnerability Description

Session Fixation vulnerability in Apache Kylin. This issue affects Apache Kylin: from 2.0.0 through 4.x. Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.

CVSS:9.1(Critical)

A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. This issue is related to...

CVSS:9.1(Critical)

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers t...

CVSS:9.1(Critical)

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerabi...

CVSS:9.1(Critical)

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.

CVSS:9.1(Critical)

HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.

CVSS:9.1(Critical)

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connectio...