nvd [email protected] NVD:CVE-2020-13461
History: Feb 09, 2021 - 5:15 a.m.

CVE-2020-13461

2021-02-09 05:15:13
web.nvd.nist.gov
username enumeration
tufin securetrack
vendor response
internal network

CVSS2

Score: 3.3
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Score: 4.3
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

Score: 0.001
Percentile: 25.0%

Username enumeration is present in Tufin SecureTrack. It affects all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor’s response: “This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames”.

Affected configurations

Nvd
Node
tufin securetrack

Vendor | Product | Version | CPE
tufin | securetrack | * | cpe:2.3:a:tufin:securetrack:*:*:*:*:*:*:*:*
