Sign in Get started

← All vendors

Vendor

Rocketsoftware

Sign in to watch

Products

2

CVEs

3

Across products

3

Status

Private

Products

2

Trufusion Enterprise
2 CVEs
Rocket Servergraph
1 CVE

Recent CVEs

3

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-59793	Cri	0.64	9.9	0.01		Feb 17, 2026	Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
CVE-2025-32355	Hig	0.48	7.3	0.02		Feb 17, 2026	Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
CVE-2014-3914		0.10	—	0.84		Aug 7, 2014	Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.