Every CVE whose affected-product data names Tufin Securetrack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-18406 — CVSS 9.9 (critical): An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE…
CVE-2020-13460 — CVSS 8.8 (high): Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.
CVE-2020-13408 — CVSS 5.9 (medium): Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the…
CVE-2020-13409 — CVSS 5.9 (medium): Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the…
CVE-2020-13407 — CVSS 5.9 (medium): Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the…
CVE-2020-13462 — CVSS 5.7 (medium): Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA.
CVE-2020-13461 — CVSS 4.3 (medium): Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this…