4 matches found
CVE-2022-25026
CVE-2022-25026 is a Server-Side Request Forgery in Rocket TRUfusion Portal v7.9.2.1. An attacker can trigger requests to /trufusionPortal/upDwModuleProxy to access internal resources. CVSS v3.1 base score 7.5 (HIGH); vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. No exploitation details or remediati...
CVE-2022-25027
The CVE-2022-25027 entry concerns Rocket TRUfusion Portal v7.9.2.1, where the Forgotten Password flow can bypass authentication by validating the user’s session token after clicking the Password forgotten?; this is described across multiple sources (NVD, Red Hat CVE entries, OSV) as an authentica...
CVE-2025-59793
CVE-2025-59793 Details (MODE C) Rocket TRUfusion Enterprise (
CVE-2025-32355
CVE-2025-32355 affects Rocket TRUfusion Enterprise up to version 7.10.4.0, where the built-in reverse proxy can be misconfigured to accept absolute URLs in the HTTP request line. This enables server-side requests to load arbitrary resources via the proxy, constituting a server-side request forger...