CVE-2020-13133
Last modified
CVE-2020-13133 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tufin | Securechange | < r19-3 |
| Tufin | Securechange | r19-3 |
| Tufin | Securechange | r20-1 |
References
- https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.mdThird Party Advisory
- https://portal.tufin.com/aspx/SecurityAdvisoriesPermissions Required
- https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.mdThird Party Advisory
- https://portal.tufin.com/aspx/SecurityAdvisoriesPermissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-13133?
How severe is CVE-2020-13133?
How do I fix CVE-2020-13133?
Are you affected by CVE-2020-13133?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST