Reflected + Stored Cross-Site Scripting (XSS) vulnerability

Reflected + Stored Cross-Site Scripting (XSS) vulnerability

Reflected + Stored Cross-Site Scripting (XSS) vulnerability

Publish date

August 2020

Identifier

CVE-2020-13133

Manufacturer

Tufin

Product

SecureChange

Patched

https://portal.tufin.com/aspx/SecurityAdvisories R19.3 HF3 + R20.1 HF1

Authors

Andrej Šimko of Accenture

Description

Reflected + Stored Cross-Site Scripting (XSS) vulnerability in Tufin SecureChange, affecting all versions prior to 19.3 HF3. Fixed in version 19.3 HF3. To exploit the vulnerability, an attacker needs admin privileges.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13133

 

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider
ASSURE Cyber Supplier - CAA