Vulnerabilities > Tufin > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2020-13462 Authorization Bypass Through User-Controlled Key vulnerability in Tufin SecureTrack 18.1
Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA.
low complexity
tufin CWE-639
5.7
2021-02-09 CVE-2020-13461 Unspecified vulnerability in Tufin SecureTrack
Username enumeration is present in Tufin SecureTrack.
low complexity
tufin
4.3
2021-02-09 CVE-2020-13409 Cross-site Scripting vulnerability in Tufin SecureTrack 18.1
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).
low complexity
tufin CWE-79
5.9
2021-02-09 CVE-2020-13408 Cross-site Scripting vulnerability in Tufin SecureTrack 18.1
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).
low complexity
tufin CWE-79
5.9
2021-02-09 CVE-2020-13407 Cross-site Scripting vulnerability in Tufin SecureTrack 18.1
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).
low complexity
tufin CWE-79
5.9
2021-01-20 CVE-2020-13134 Cross-site Scripting vulnerability in Tufin SecureChange
Tufin SecureChange versions prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS.
network
low complexity
tufin CWE-79
4.8
2021-01-20 CVE-2020-13133 Cross-site Scripting vulnerability in Tufin SecureChange
Tufin SecureChange versions prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS.
network
low complexity
tufin CWE-79
6.1