VYPR

SecureChange

by Tufin

CVEs (3)

  • CVE-2020-13133MedJan 20, 2021
    risk 0.40cvss 6.1epss 0.01

    Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments…

  • CVE-2020-13462MedFeb 9, 2021
    risk 0.37cvss 5.7epss 0.00

    Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.

  • CVE-2020-13134MedJan 20, 2021
    risk 0.31cvss 4.8epss 0.01

    Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to…