CVE-2020-13134

Опубликовано: 20 янв. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1.

Ссылки

https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md
Third Party Advisory
https://portal.tufin.com/aspx/SecurityAdvisories
Permissions Required
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md
Third Party Advisory
https://portal.tufin.com/aspx/SecurityAdvisories
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tufin:securechange:*:*:*:*:*:*:*:*

Версия до r19-3 (исключая)

cpe:2.3:a:tufin:securechange:r19-3:-:*:*:*:*:*:*

cpe:2.3:a:tufin:securechange:r20-1:-:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00235

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qr8g-6983-rmpw

github

больше 3 лет назад