48 matches found
Cross site scripting
Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...
Cross site scripting
Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...
Cross site scripting
Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...
Deserialization of untrusted data
Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access to the internal network. If an attacker is part of the internal network, they do not require acce...
CVE-2020-13461
CVE-2020-13461 applies to Tufin SecureTrack and concerns username enumeration affecting all versions. The available documents state that this vulnerability allows an attacker to enumerate usernames and that the vendor has decided not to fix it. The vendor’s response notes that the attack requires...
CVE-2020-13461
Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access to the internal network. If an attacker is part of the internal network, they do not require acce...
CVE-2020-13460
Multiple Cross-Site Request Forgery CSRF vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA...
CVE-2020-13460
CVE-2020-13460 affects Tufin SecureTrack and describes Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in all versions prior to R20-2 GA. The NVD metrics show CVSS v3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, no privileges, and user interaction required...
CVE-2020-13407
Tufin SecureTrack
CVE-2020-13407
Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...
CVE-2020-13409
Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...
CVE-2020-13409
CVE-2020-13409 affects Tufin SecureTrack (R20-2 GA). The issue combines reflected and stored cross-site scripting: payloads are reflected to the user and also stored in the database, enabling re-triggering by the same or other users. Documents indicate that an admin can be targeted and that malic...
CVE-2020-13408
Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...
CVE-2020-13408
The CVE-2020-13408 entry concerns Tufin SecureTrack (R20-2 GA). The vulnerability is a combined reflected and stored XSS, where payloads are reflected to users and stored in the DB, enabling repetition by the same or other users. The impact notes that an attacker—potentially non-authenticated or ...
Tufin SecureTrack R20-2 GA Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in the Tufin SecureTrack R20-2 GA that stems from a lack of proper validation of client-side data by a WEB application. An attacker can exploit this vulnerability to execute client-side code...
Tufin SecureTrack R20-2 GA Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in the Tufin SecureTrack R20-2 GA that stems from a lack of proper validation of client-side data by a WEB application. An attacker can exploit this vulnerability to execute client-side code...
Tufin SecureTrack R20-2 GA Cross-Site Scripting Vulnerability
USA Tufin SecureTrack is a firewall policy management platform from Tufin USA USA. A cross-site scripting vulnerability exists in the Tufin SecureTrack R20-2 GA, which originates from a web application that lacks proper validation of client data. An attacker can exploit this vulnerability to...
Tufin SecureTrack R20-2 GA Cross-Site Request Forgery Vulnerability
USA Tufin SecureTrack is a firewall policy management platform from Tufin USA USA. A cross-site request forgery vulnerability exists in the Tufin SecureTrack R20-2 GA, which arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker...
Tufin SecureTrack Security Vulnerability
USA Tufin SecureTrack is a firewall policy management platform from Tufin America USA. A security vulnerability exists in all versions of Tufin SecureTrack that stems from allowing username enumeration...
CVE-2018-18406
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...