CVE-2023-47798

MEDIUM Year: 2023
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.

Related Vulnerabilities

CVE-2017-10890

MEDIUM
CVSS:4.6(Medium)

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware version...

CWE-3842017

CVE-2022-2997

MEDIUM
CVSS:4.6(Medium)

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

CWE-3842022

CVE-2022-30769

MEDIUM
CVSS:4.6(Medium)

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

CWE-3842022

CVE-2023-1265

MEDIUM
CVSS:4.5(Medium)

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The co...

CWE-3842023

CVE-2020-4291

MEDIUM
CVSS:4.7(Medium)

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI....

CWE-3842020

CVE-2024-24823

MEDIUM
CVSS:4.4(Medium)

Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, eve...

CWE-3842024