23 matches found
CVE-2020-13134
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges for storing the XSS payload itself, and can exploit be triggered by admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1...
Tufin Securechange Cross-Site Scripting Vulnerability
Tufin Securechange is a network management software for enterprise environments from Tufin USA. A cross-site scripting vulnerability exists in Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1, which stems from a lack of proper validation of client-side data by the WEB application. An attacker...
Tufin Secure Change Remote Code Execution Exploit
Tufin SecureChange uses Richfaces version 4.3.5 which suffers from a remote code execution vulnerability. Product: Secure Change Vendor: Tufin Subject: Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 unauthenticated RCE CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H base score...