Category: SecureTrack

Tufin points out that a vulnerability has been found in Tufin SecureTrack.

It is an XXE (XML External Entity) vulnerability, as described in the OWASP Top 10-2017 A4-XML External Entities (XXE), which allows attackers to exploit vulnerable XML processors if they can upload XML or include hostile content in an XML document.

Tufin has provided a first fix to address this issue:

TOS 17-3 HF 4.1

For the following versions, fixes will be made available or included, respectively:

TOS 18-1 HF 3 - scheduled to be published on September 5th, 2018

TOS 18-2 GA - Fix will be included in GA scheduled for release on August 22nd, 2018

Due to Tufin's policy regarding earlier versions, no fix will be published for them. If you use an older version, please upgrade to a supported version.