CVE-2024-1900

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-613
View all →

Vulnerability Description

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The user will stay authenticated until the Devolutions Server token expiration.

Related Vulnerabilities

CVE-2020-23136

MEDIUM
CVSS:5.5(Medium)

Microweber v1.1.18 is affected by no session expiry after log-out.

CWE-6132020

CVE-2020-4914

MEDIUM
CVSS:5.5(Medium)

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.

CWE-6132020

CVE-2022-34392

MEDIUM
CVSS:5.5(Medium)

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads ...

CWE-6132022

CVE-2022-38707

MEDIUM
CVSS:5.5(Medium)

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.

CWE-6132022

CVE-2023-26288

MEDIUM
CVSS:5.5(Medium)

IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.

CWE-6132023

CVE-2017-14007

MEDIUM
CVSS:5.6(Medium)

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing ...

CWE-6132017