all InfoSec news
CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise
Malware Analysis, News and Indicators - Latest topics malware.news
Nettitude recently conducted a penetration test for a customer who used Rocket TRUfusion Enterprise within their external infrastructure. Two high severity vulnerabilities were identified, including an authentication bypass issue and Server-Side Request Forgery (SSRF). These vulnerabilities have been designated by MITRE as CVE-2022-25026 and CVE-2022-25027, and affect all versions prior to 7.9.5.1.
Rocket TRUfusion Enterprise is a software solution for organizations to exchange product design data such as CAD files. This is fronted by a web portal, which is where …
authentication authentication bypass bypass cad customer cve data design enterprise exchange external files forensics forgery high infrastructure issue mitre organizations penetration penetration test product request rocket server server-side request forgery severity software solution ssrf test vulnerabilities