CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
CVE-2024-56413 (GCVE-0-2024-56413)
Vulnerability from cvelistv5 – Published: 2025-01-02 15:26 – Updated: 2025-01-02 17:09
VLAI
Summary
Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Affected:
unspecified , < 39169
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T17:08:53.112716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T17:09:09.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39169",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@strgt (https://hackerone.com/strgt)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T15:26:00.507Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-7612",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-7612"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-56413",
"datePublished": "2025-01-02T15:26:00.507Z",
"dateReserved": "2024-12-23T18:49:13.540Z",
"dateUpdated": "2025-01-02T17:09:09.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5995 (GCVE-0-2024-5995)
Vulnerability from cvelistv5 – Published: 2024-06-14 07:18 – Updated: 2024-08-01 21:25
VLAI
Title
Soar Cloud HR Portal - Insufficient Session Expiration
Summary
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Soar Cloud | HR Portal |
Affected:
earlier , < 7.3.2024.0409
(custom)
|
|
| scshr | hr_portal |
Affected:
0 , < 7.3.2024.0409
(custom)
cpe:2.3:a:scshr:hr_portal:*:*:*:*:*:*:*:* |
Date Public
2024-06-14 07:13
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:scshr:hr_portal:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "hr_portal",
"vendor": "scshr",
"versions": [
{
"lessThan": "7.3.2024.0409",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T20:17:44.400942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T20:22:38.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HR Portal",
"vendor": "Soar Cloud",
"versions": [
{
"lessThan": "7.3.2024.0409",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-14T07:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused."
}
],
"value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused."
}
],
"impacts": [
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T07:18:32.904Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversion\u003c/span\u003e\n\n7.3.2024.0409 or later."
}
],
"value": "Update to \n\nversion\n\n7.3.2024.0409 or later."
}
],
"source": {
"advisory": "TVN-202406009",
"discovery": "EXTERNAL"
},
"title": "Soar Cloud HR Portal - Insufficient Session Expiration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-5995",
"datePublished": "2024-06-14T07:18:32.904Z",
"dateReserved": "2024-06-14T06:53:30.790Z",
"dateUpdated": "2024-08-01T21:25:03.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8888 (GCVE-0-2024-8888)
Vulnerability from cvelistv5 – Published: 2024-09-18 11:54 – Updated: 2024-09-18 13:14
VLAI
Title
Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT
Summary
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CIRCUTOR | CIRCUTOR Q-SMT |
Affected:
1.0.4
(firmware)
|
|
| circutor | circutor_q_smt |
Affected:
10.4
cpe:2.3:a:circutor:circutor_q_smt:*:*:*:*:*:*:*:* |
Date Public
2024-09-16 10:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:circutor:circutor_q_smt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "circutor_q_smt",
"vendor": "circutor",
"versions": [
{
"status": "affected",
"version": "10.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:10:09.717495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:14:00.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIRCUTOR Q-SMT",
"vendor": "CIRCUTOR",
"versions": [
{
"status": "affected",
"version": "1.0.4",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aar\u00f3n Flecha"
},
{
"lang": "en",
"type": "finder",
"value": "Gabriel V\u00eda Echezarreta"
}
],
"datePublic": "2024-09-16T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc."
}
],
"value": "An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T11:54:47.337Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CIRCUTOR Q-SMT, in its firmware version 1.0.5, effectively solved the potential threat. CIRCUTOR made the new version available to its customers privately and strongly recommends them to keep their equipment updated."
}
],
"value": "CIRCUTOR Q-SMT, in its firmware version 1.0.5, effectively solved the potential threat. CIRCUTOR made the new version available to its customers privately and strongly recommends them to keep their equipment updated."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-8888",
"datePublished": "2024-09-18T11:54:47.337Z",
"dateReserved": "2024-09-16T10:20:29.982Z",
"dateUpdated": "2024-09-18T13:14:00.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0138 (GCVE-0-2025-0138)
Vulnerability from cvelistv5 – Published: 2025-05-14 18:10 – Updated: 2025-06-23 15:09
VLAI
Title
Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface
Summary
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.
Compute in Prisma Cloud Enterprise Edition is not affected by this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2025-0138 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Prisma Cloud Compute Edition |
Affected:
1 , < 34.01.129
(custom)
cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:34.00.137:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.03.138:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.02.134:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.01.137:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.07.123:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.06.113:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.05.124:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.04.113:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Compute in Prisma Cloud Enterprise Edition |
Unaffected:
All
(custom)
|
Date Public
2025-05-14 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T19:44:48.071193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:45:01.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:34.00.137:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.03.138:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.02.134:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.01.137:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.07.123:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.06.113:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.05.124:*:*:*:*:*:*:*",
"cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.04.113:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Prisma Cloud Compute Edition",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "34.01.129",
"status": "unaffected"
}
],
"lessThan": "34.01.129",
"status": "affected",
"version": "1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compute in Prisma Cloud Enterprise Edition",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
}
],
"value": "No special configuration is required to be affected by this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maciej Pypec of ING"
}
],
"datePublic": "2025-05-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWeb sessions in the web interface of Palo Alto Networks Prisma\u00ae Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.\u003c/p\u003eCompute in Prisma Cloud Enterprise Edition is not affected by this issue."
}
],
"value": "Web sessions in the web interface of Palo Alto Networks Prisma\u00ae Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.\n\nCompute in Prisma Cloud Enterprise Edition is not affected by this issue."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T15:09:31.123Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-0138"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Prisma Cloud Compute Edition 34.01.129, and all later Prisma Cloud Compute Edition versions."
}
],
"value": "This issue is fixed in Prisma Cloud Compute Edition 34.01.129, and all later Prisma Cloud Compute Edition versions."
}
],
"source": {
"defect": [
"CWP-62541"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-14T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo workaround or mitigation is available.\u003c/p\u003e"
}
],
"value": "No workaround or mitigation is available."
}
],
"x_affectedList": [
"Prisma Cloud Compute Edition 34.00.0",
"Prisma Cloud Compute Edition 34.00.1",
"Prisma Cloud Compute Edition 34.00.2",
"Prisma Cloud Compute Edition 34.00.3",
"Prisma Cloud Compute Edition 34.00.4",
"Prisma Cloud Compute Edition 34.00.5",
"Prisma Cloud Compute Edition 34.00.6",
"Prisma Cloud Compute Edition 34.00.7",
"Prisma Cloud Compute Edition 34.00.8",
"Prisma Cloud Compute Edition 34.00.9",
"Prisma Cloud Compute Edition 34.00.10",
"Prisma Cloud Compute Edition 34.00.11",
"Prisma Cloud Compute Edition 34.00.12",
"Prisma Cloud Compute Edition 34.00.13",
"Prisma Cloud Compute Edition 34.00.14",
"Prisma Cloud Compute Edition 34.00.15",
"Prisma Cloud Compute Edition 34.00.16",
"Prisma Cloud Compute Edition 34.00.17",
"Prisma Cloud Compute Edition 34.00.18",
"Prisma Cloud Compute Edition 34.00.19",
"Prisma Cloud Compute Edition 34.00.20",
"Prisma Cloud Compute Edition 34.00.21",
"Prisma Cloud Compute Edition 34.00.22",
"Prisma Cloud Compute Edition 34.00.23",
"Prisma Cloud Compute Edition 34.00.24",
"Prisma Cloud Compute Edition 34.00.25",
"Prisma Cloud Compute Edition 34.00.26",
"Prisma Cloud Compute Edition 34.00.27",
"Prisma Cloud Compute Edition 34.00.28",
"Prisma Cloud Compute Edition 34.00.29",
"Prisma Cloud Compute Edition 34.00.30",
"Prisma Cloud Compute Edition 34.00.31",
"Prisma Cloud Compute Edition 34.00.32",
"Prisma Cloud Compute Edition 34.00.33",
"Prisma Cloud Compute Edition 34.00.34",
"Prisma Cloud Compute Edition 34.00.35",
"Prisma Cloud Compute Edition 34.00.36",
"Prisma Cloud Compute Edition 34.00.37",
"Prisma Cloud Compute Edition 34.00.38",
"Prisma Cloud Compute Edition 34.00.39",
"Prisma Cloud Compute Edition 34.00.40",
"Prisma Cloud Compute Edition 34.00.41",
"Prisma Cloud Compute Edition 34.00.42",
"Prisma Cloud Compute Edition 34.00.43",
"Prisma Cloud Compute Edition 34.00.44",
"Prisma Cloud Compute Edition 34.00.45",
"Prisma Cloud Compute Edition 34.00.46",
"Prisma Cloud Compute Edition 34.00.47",
"Prisma Cloud Compute Edition 34.00.48",
"Prisma Cloud Compute Edition 34.00.49",
"Prisma Cloud Compute Edition 34.00.50",
"Prisma Cloud Compute Edition 34.00.51",
"Prisma Cloud Compute Edition 34.00.52",
"Prisma Cloud Compute Edition 34.00.53",
"Prisma Cloud Compute Edition 34.00.54",
"Prisma Cloud Compute Edition 34.00.55",
"Prisma Cloud Compute Edition 34.00.56",
"Prisma Cloud Compute Edition 34.00.57",
"Prisma Cloud Compute Edition 34.00.58",
"Prisma Cloud Compute Edition 34.00.59",
"Prisma Cloud Compute Edition 34.00.60",
"Prisma Cloud Compute Edition 34.00.61",
"Prisma Cloud Compute Edition 34.00.62",
"Prisma Cloud Compute Edition 34.00.63",
"Prisma Cloud Compute Edition 34.00.64",
"Prisma Cloud Compute Edition 34.00.65",
"Prisma Cloud Compute Edition 34.00.66",
"Prisma Cloud Compute Edition 34.00.67",
"Prisma Cloud Compute Edition 34.00.68",
"Prisma Cloud Compute Edition 34.00.69",
"Prisma Cloud Compute Edition 34.00.70",
"Prisma Cloud Compute Edition 34.00.71",
"Prisma Cloud Compute Edition 34.00.72",
"Prisma Cloud Compute Edition 34.00.73",
"Prisma Cloud Compute Edition 34.00.74",
"Prisma Cloud Compute Edition 34.00.75",
"Prisma Cloud Compute Edition 34.00.76",
"Prisma Cloud Compute Edition 34.00.77",
"Prisma Cloud Compute Edition 34.00.78",
"Prisma Cloud Compute Edition 34.00.79",
"Prisma Cloud Compute Edition 34.00.80",
"Prisma Cloud Compute Edition 34.00.81",
"Prisma Cloud Compute Edition 34.00.82",
"Prisma Cloud Compute Edition 34.00.83",
"Prisma Cloud Compute Edition 34.00.84",
"Prisma Cloud Compute Edition 34.00.85",
"Prisma Cloud Compute Edition 34.00.86",
"Prisma Cloud Compute Edition 34.00.87",
"Prisma Cloud Compute Edition 34.00.88",
"Prisma Cloud Compute Edition 34.00.89",
"Prisma Cloud Compute Edition 34.00.90",
"Prisma Cloud Compute Edition 34.00.91",
"Prisma Cloud Compute Edition 34.00.92",
"Prisma Cloud Compute Edition 34.00.93",
"Prisma Cloud Compute Edition 34.00.94",
"Prisma Cloud Compute Edition 34.00.95",
"Prisma Cloud Compute Edition 34.00.96",
"Prisma Cloud Compute Edition 34.00.97",
"Prisma Cloud Compute Edition 34.00.98",
"Prisma Cloud Compute Edition 34.00.99",
"Prisma Cloud Compute Edition 34.00.100",
"Prisma Cloud Compute Edition 34.00.101",
"Prisma Cloud Compute Edition 34.00.102",
"Prisma Cloud Compute Edition 34.00.103",
"Prisma Cloud Compute Edition 34.00.104",
"Prisma Cloud Compute Edition 34.00.105",
"Prisma Cloud Compute Edition 34.00.106",
"Prisma Cloud Compute Edition 34.00.107",
"Prisma Cloud Compute Edition 34.00.108",
"Prisma Cloud Compute Edition 34.00.109",
"Prisma Cloud Compute Edition 34.00.110",
"Prisma Cloud Compute Edition 34.00.111",
"Prisma Cloud Compute Edition 34.00.112",
"Prisma Cloud Compute Edition 34.00.113",
"Prisma Cloud Compute Edition 34.00.114",
"Prisma Cloud Compute Edition 34.00.115",
"Prisma Cloud Compute Edition 34.00.116",
"Prisma Cloud Compute Edition 34.00.117",
"Prisma Cloud Compute Edition 34.00.118",
"Prisma Cloud Compute Edition 34.00.119",
"Prisma Cloud Compute Edition 34.00.120",
"Prisma Cloud Compute Edition 34.00.121",
"Prisma Cloud Compute Edition 34.00.122",
"Prisma Cloud Compute Edition 34.00.123",
"Prisma Cloud Compute Edition 34.00.124",
"Prisma Cloud Compute Edition 34.00.125",
"Prisma Cloud Compute Edition 34.00.126",
"Prisma Cloud Compute Edition 34.00.127",
"Prisma Cloud Compute Edition 34.00.128",
"Prisma Cloud Compute Edition 34.00.129",
"Prisma Cloud Compute Edition 34.00.130",
"Prisma Cloud Compute Edition 34.00.131",
"Prisma Cloud Compute Edition 34.00.132",
"Prisma Cloud Compute Edition 34.00.133",
"Prisma Cloud Compute Edition 34.00.134",
"Prisma Cloud Compute Edition 34.00.135",
"Prisma Cloud Compute Edition 34.00.136",
"Prisma Cloud Compute Edition 34.00.137",
"Prisma Cloud Compute Edition 34.00.138",
"Prisma Cloud Compute Edition 34.00.139",
"Prisma Cloud Compute Edition 34.00.140"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-0138",
"datePublished": "2025-05-14T18:10:16.979Z",
"dateReserved": "2024-12-20T23:24:41.254Z",
"dateUpdated": "2025-06-23T15:09:31.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10223 (GCVE-0-2025-10223)
Vulnerability from cvelistv5 – Published: 2025-09-10 12:35 – Updated: 2025-10-08 11:49
VLAI
Title
Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)
Summary
Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AxxonSoft | AxxonOne C-Werk |
Affected:
0 , ≤ 2.0.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T13:22:15.826898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T13:24:30.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AxxonOne C-Werk",
"vendor": "AxxonSoft",
"versions": [
{
"lessThanOrEqual": "2.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Discovered internally during access control regression testing."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration."
}
],
"value": "Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T11:49:37.530Z",
"orgId": "15ede60e-6fda-426e-be9c-e788f151a377",
"shortName": "AxxonSoft"
},
"references": [
{
"url": "https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to \u003cstrong\u003e2.0.3 or later\u003c/strong\u003e, where Web UI enforces forced logout when role changes occur.\n\n\u003cbr\u003e"
}
],
"value": "Upgrade to 2.0.3 or later, where Web UI enforces forced logout when role changes occur."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On earlier versions, administrators should \u003cstrong\u003emanually log out users\u003c/strong\u003e when changing access rights.\n\n\u003cbr\u003e"
}
],
"value": "On earlier versions, administrators should manually log out users when changing access rights."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "15ede60e-6fda-426e-be9c-e788f151a377",
"assignerShortName": "AxxonSoft",
"cveId": "CVE-2025-10223",
"datePublished": "2025-09-10T12:35:32.800Z",
"dateReserved": "2025-09-10T12:35:13.351Z",
"dateUpdated": "2025-10-08T11:49:37.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11429 (GCVE-0-2025-11429)
Vulnerability from cvelistv5 – Published: 2025-10-23 14:09 – Updated: 2026-01-20 21:16
VLAI
Title
Keycloak-server: too long and not settings compliant session
Summary
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security configuration change. This is a logic flaw in session management increases the potential window for successful session hijacking or unauthorized long-term access persistence. The flaw lies in the session expiration logic relying on the session-local "remember-me" flag without validating the current realm-level configuration.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:22088 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:22089 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-11429 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2402148 | issue-trackingx_refsource_REDHAT |
| https://github.com/keycloak/keycloak/commit/a3409… | |
| https://github.com/keycloak/keycloak/commit/bda0e… | |
| https://github.com/keycloak/keycloak/issues/43328 |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Keycloak | keycloak |
Affected:
0 , < 26.4.1
(semver)
|
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2.11-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2-12 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2.11 |
cpe:/a:redhat:build_keycloak:26.2::el9 |
Date Public
2025-10-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T14:31:09.392163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T14:31:49.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keycloak/keycloak",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"product": "keycloak",
"vendor": "Keycloak",
"versions": [
{
"lessThan": "26.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2.11-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Keycloak 26.2.11",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Alexander Schwartz (Red Hat)."
}
],
"datePublic": "2025-10-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the \"Remember Me\" realm setting on existing user sessions. Sessions created while \"Remember Me\" was active retain their extended session lifetime until they expire, overriding the administrator\u0027s recent security configuration change. This is a logic flaw in session management increases the potential window for successful session hijacking or unauthorized long-term access persistence. The flaw lies in the session expiration logic relying on the session-local \"remember-me\" flag without validating the current realm-level configuration."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:16:58.585Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:22088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22088"
},
{
"name": "RHSA-2025:22089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22089"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-11429"
},
{
"name": "RHBZ#2402148",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402148"
},
{
"url": "https://github.com/keycloak/keycloak/commit/a34094100716b7c69ae38eaed6678ab4344d0a1d"
},
{
"url": "https://github.com/keycloak/keycloak/commit/bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b"
},
{
"url": "https://github.com/keycloak/keycloak/issues/43328"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T12:40:34.287Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Keycloak-server: too long and not settings compliant session",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-613: Insufficient Session Expiration"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-11429",
"datePublished": "2025-10-23T14:09:31.901Z",
"dateReserved": "2025-10-07T12:45:40.121Z",
"dateUpdated": "2026-01-20T21:16:58.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1198 (GCVE-0-2025-1198)
Vulnerability from cvelistv5 – Published: 2025-02-13 00:55 – Updated: 2025-02-13 14:57
VLAI
Title
Insufficient Session Expiration in GitLab
Summary
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.
Severity
4.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/511477 | issue-trackingpermissions-required |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T14:57:14.620465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T14:57:28.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "17.6.5",
"status": "affected",
"version": "16.11",
"versionType": "semver"
},
{
"lessThan": "17.7.4",
"status": "affected",
"version": "17.7",
"versionType": "semver"
},
{
"lessThan": "17.8.2",
"status": "affected",
"version": "17.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability has been discovered internally by a GitLab team member [Dylan Griffith](https://gitlab.com/DylanGriffith)."
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T00:55:50.295Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #511477",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/511477"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 17.6.5, 17.7.4, 17.8.2 or above."
}
],
"title": "Insufficient Session Expiration in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-1198",
"datePublished": "2025-02-13T00:55:50.295Z",
"dateReserved": "2025-02-10T16:02:02.388Z",
"dateUpdated": "2025-02-13T14:57:28.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12110 (GCVE-0-2025-12110)
Vulnerability from cvelistv5 – Published: 2025-10-23 14:19 – Updated: 2026-01-20 21:04
VLAI
Title
Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client's offline_access scope was removed
Summary
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:21370 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:21371 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:22088 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2025:22089 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2025-12110 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2406033 | issue-trackingx_refsource_REDHAT |
| https://github.com/keycloak/keycloak/pull/43790 |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Keycloak | keycloak |
Affected:
0 , < 26.4.3
(semver)
|
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2.11-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2 |
Unaffected:
26.2-12 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.2.11 |
cpe:/a:redhat:build_keycloak:26.2::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4.4-1 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4 |
Unaffected:
26.4-3 , < *
(rpm)
cpe:/a:redhat:build_keycloak:26.4::el9 |
|
| Red Hat | Red Hat build of Keycloak 26.4.4 |
cpe:/a:redhat:build_keycloak:26.4::el9 |
Date Public
2025-10-23 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T14:27:24.492326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T14:28:01.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/keycloak/keycloak",
"defaultStatus": "unaffected",
"packageName": "keycloak",
"product": "keycloak",
"vendor": "Keycloak",
"versions": [
{
"lessThan": "26.4.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2.11-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.2-12",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.2::el9"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Keycloak 26.2.11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-operator-bundle",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4.4-1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9-operator",
"product": "Red Hat build of Keycloak 26.4",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "26.4-3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:26.4::el9"
],
"defaultStatus": "unaffected",
"packageName": "keycloak-server",
"product": "Red Hat build of Keycloak 26.4.4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:04:49.198Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:21370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21370"
},
{
"name": "RHSA-2025:21371",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:21371"
},
{
"name": "RHSA-2025:22088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22088"
},
{
"name": "RHSA-2025:22089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22089"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-12110"
},
{
"name": "RHBZ#2406033",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406033"
},
{
"url": "https://github.com/keycloak/keycloak/pull/43790"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-23T13:59:13.455Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-10-23T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client\u0027s offline_access scope was removed",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-613: Insufficient Session Expiration"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-12110",
"datePublished": "2025-10-23T14:19:24.752Z",
"dateReserved": "2025-10-23T14:07:56.849Z",
"dateUpdated": "2026-01-20T21:04:49.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12624 (GCVE-0-2025-12624)
Vulnerability from cvelistv5 – Published: 2026-04-16 10:25 – Updated: 2026-04-16 12:30
VLAI
Title
Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock
Summary
Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.
The security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.docs.wso2.com/en/latest/security… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WSO2 | WSO2 Identity Server |
Unknown:
0 , < 5.2.0
(custom)
Affected: 5.2.0 , < 5.2.0.35 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T12:19:51.834842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:30:14.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.2.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.2.0.35",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.0.35",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire."
}
],
"value": "Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire."
}
],
"impacts": [
{
"capecId": "CAPEC-149",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-149 CAPEC-149: Session Token Handling"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T10:25:19.789Z",
"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"shortName": "WSO2"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution"
}
],
"source": {
"advisory": "WSO2-2025-4684",
"discovery": "INTERNAL"
},
"title": "Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"assignerShortName": "WSO2",
"cveId": "CVE-2025-12624",
"datePublished": "2026-04-16T10:25:19.789Z",
"dateReserved": "2025-11-03T06:20:27.950Z",
"dateUpdated": "2026-04-16T12:30:14.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14810 (GCVE-0-2025-14810)
Vulnerability from cvelistv5 – Published: 2026-03-25 20:11 – Updated: 2026-03-26 17:51
VLAI
Title
IBM InfoSphere Information Server is vulnerable due to insufficient session expiration
Summary
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7266696 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | InfoSphere Information Server |
Affected:
11.7.0.0 , ≤ 11.7.1.6
(semver)
cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:40:19.149971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T17:51:17.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*"
],
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.7.1.6",
"status": "affected",
"version": "11.7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\u003c/p\u003e"
}
],
"value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T20:11:21.295Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7266696"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM InfoSphere Information Server\u003c/td\u003e\u003ctd\u003e11.7.0.0 to 11.7.1.6\u003c/td\u003e\u003ctd\u003e\u003ca title=\" DT458476\" href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Z73/dt458476\" rel=\"nofollow\"\u003eDT458476\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/878310\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"\u003e11.7.1.0\u003c/a\u003e\u0026nbsp;\u003cbr\u003e--Apply IBM InfoSphere Information Server version\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7182872\" rel=\"nofollow\"\u003e11.7.1.6\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e--Apply IBM InfoSphere Information Server\u0026nbsp;\u003ca href=\"https://www.ibm.com/support/pages/node/7260779\" rel=\"nofollow\"\u003e11.7.1.6 Service pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "ProductVersion(s)APARRemediationIBM InfoSphere Information Server11.7.0.0 to 11.7.1.6 DT458476 https://www.ibm.com/mysupport/s/defect/aCIgJ0000008Z73/dt458476 --Apply IBM InfoSphere Information Server version\u00a0 11.7.1.0 https://www.ibm.com/support/pages/node/878310 \u00a0\n--Apply IBM InfoSphere Information Server version\u00a0 11.7.1.6 https://www.ibm.com/support/pages/node/7182872 \n\n--Apply IBM InfoSphere Information Server\u00a0 11.7.1.6 Service pack 2 https://www.ibm.com/support/pages/node/7260779"
}
],
"title": "IBM InfoSphere Information Server is vulnerable due to insufficient session expiration",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14810",
"datePublished": "2026-03-25T20:11:21.295Z",
"dateReserved": "2025-12-16T22:58:57.497Z",
"dateUpdated": "2026-03-26T17:51:17.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Implementation
Description:
- Set sessions/credentials expiration date.
No CAPEC attack patterns related to this CWE.