CWE-1018 (Manage User Sessions) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Weaknesses in this category are related to the design and architecture of session management. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. The weaknesses in this category could lead to a degradation of the quality of session management if they are not addressed when designing or implementing a secure architecture.
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2025-14909 | 2025-12-18 | A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeec… |
| CVE-2023-6760 | 2023-12-13 | A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation leads to manage user sessions. The attack can be initiated rem… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Mapping_Notes |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |