Vulnerabilities > Tufin > Securetrack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2020-13462 | Authorization Bypass Through User-Controlled Key vulnerability in Tufin Securetrack 18.1 Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. | 5.7 |
| 2021-02-09 | CVE-2020-13461 | Unspecified vulnerability in Tufin Securetrack Username enumeration in present in Tufin SecureTrack. low complexity tufin | 4.3 |
| 2021-02-09 | CVE-2020-13409 | Cross-site Scripting vulnerability in Tufin Securetrack 18.1 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). | 5.9 |
| 2021-02-09 | CVE-2020-13408 | Cross-site Scripting vulnerability in Tufin Securetrack 18.1 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). | 5.9 |
| 2021-02-09 | CVE-2020-13407 | Cross-site Scripting vulnerability in Tufin Securetrack 18.1 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). | 5.9 |