CVE-2019-12203

SilverStripe through 4.3.3 allows session fixation in the “change password” form.
Source: NIST
CVE-2019-12203