Rocketsoftware Trufusion_enterprise
8 CVEs affecting Rocketsoftware Trufusion_enterprise. Latest disclosed: 2026-02-17. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59793 | Critical | 9.9 | 2026-02-17 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. H… |
| CVE-2025-27224 | Critical | 9.8 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the inp… |
| CVE-2025-27222 | High | 8.6 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitiz… |
| CVE-2025-27225 | High | 7.5 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint disclo… |
| CVE-2025-27223 | High | 7.5 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList… |
| CVE-2022-25027 | High | 7.5 | 2023-01-12 | The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by valida… |
| CVE-2022-25026 | High | 7.5 | 2023-01-12 | A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network… |
| CVE-2025-32355 | High | 7.3 | 2026-02-17 | Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows spec… |