The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”