all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-25026 & CVE-2022-25027: Vulnerabilities in Rocket TRUfusion Enterprise

Add to bookmarks
Jan. 4, 2023, 11:30 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Nettitude recently conducted a penetration test for a customer who used Rocket TRUfusion Enterprise within their external infrastructure. Two high severity vulnerabilities were identified, including an authentication bypass issue and Server-Side Request Forgery (SSRF). These vulnerabilities have been designated by MITRE as CVE-2022-25026 and CVE-2022-25027, and affect all versions prior to 7.9.5.1.


Rocket TRUfusion Enterprise is a software solution for organizations to exchange product design data such as CAD files. This is fronted by a web portal, which is where …

authentication authentication bypass bypass cad customer cve data design enterprise exchange external files forensics forgery high infrastructure issue mitre organizations penetration penetration test product request rocket server server-side request forgery severity software solution ssrf test vulnerabilities

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Just Launched: Checkmarx AI Security an hour ago | malware.news
address ai security appsec area +12
Introducing Real Time IDE Scanning – More Secure Code in Real Time an hour ago | malware.news
address code development development teams +14
Introducing AI Security Champion with Auto-remediation for SAST an hour ago | malware.news
ai security application applications application security +16
How to Incorporate SAST, DAST, and SCA into the SDLC 14 hours ago | malware.news
application application security application security testing application security testing tools +12
Nslookup's Debug Options, (Sun, May 5th) 16 hours ago | malware.news
debug dns machine may +4
Pay up, or else? – Week in security with Tony Anscombe 1 day, 4 hours ago | malware.news
attack caught dilemma hard +10
Sintesi riepilogativa delle campagne malevole nella settimana del 27 Aprile – 3 Maggio 2024 1 day, 6 hours ago | malware.news
cert con cui dei +2
Malware Simulators cannot test Antivirus Software 1 day, 17 hours ago | malware.news
malware analysis topic
Ready2Run - Is dnSpy dead? 1 day, 17 hours ago | malware.news
malware analysis topic

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com
View more jobs