67 matches found
CVE-2018-18406
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...
EUVD-2020-5711
Malware in sbrugna...
EUVD-2018-10135
Malware in sbrugna...
EUVD-2020-5410
Malware in sbrugna...
EUVD-2020-5662
Malware in sbrugna...
EUVD-2020-5712
Malware in sbrugna...
EUVD-2020-5713
Malware in sbrugna...
EUVD-2020-5664
Malware in sbrugna...
EUVD-2020-5409
Malware in sbrugna...
CVE-2020-13409
Tufin SecureTrack R20-2 GA contains reflected and stored XSS: the value is reflected back to the user, but is also stored within the DB and can be triggered again later by the same victim or by different users. Both stored and reflected payloads are triggerable by admin, so...
CVE-2020-13461
Username enumeration is present in Tufin SecureTrack. It affects all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access to the internal network. If an attacker is part of the internal network, they do not require acce...
CVE-2020-13460
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA...
CVE-2020-13133
Tufin SecureChange versions prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. Successful exploitation requires admin privileges for storing the XSS payload itself, and the payload can be triggered by unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and...
CVE-2020-13407
Tufin SecureTrack R20-2 GA contains reflected and stored XSS: the value is reflected back to the user, but is also stored within the DB and can be triggered again later by the same victim or by different users. Both stored and reflected payloads are triggerable by admin, so...
CVE-2020-13462
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...
Design/Logic Flaw
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...
CVE-2020-13462
CVE-2020-13462 concerns Tufin SecureChange. The vulnerability is an Insecure Direct Object Reference (IDOR) affecting all versions prior to R20-2 GA, allowing unintended access or disclosure via improper object reference handling. The issue is fixed in version R20-2 GA. Other connected documents ...