Rocketsoftware Trufusion_enterprise

8 CVEs affecting Rocketsoftware Trufusion_enterprise. Latest disclosed: 2026-02-17. Critical: 2, High: 6.

Top CVEs affecting Rocketsoftware Trufusion_enterprise
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59793 | Critical | 9.9 | 2026-02-17 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. H… |
| CVE-2025-27224 | Critical | 9.8 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the inp… |
| CVE-2025-27222 | High | 8.6 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitiz… |
| CVE-2025-27225 | High | 7.5 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint disclo… |
| CVE-2025-27223 | High | 7.5 | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList… |
| CVE-2022-25027 | High | 7.5 | 2023-01-12 | The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by valida… |
| CVE-2022-25026 | High | 7.5 | 2023-01-12 | A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network… |
| CVE-2025-32355 | High | 7.3 | 2026-02-17 | Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows spec… |