Product
rocketsoftware trufusion enterprise
8 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-32355
CVE-2025-59793
CVE-2025-27225
CVE-2025-27224
CVE-2025-27223
CVE-2025-27222
CVE-2022-25027
CVE-2022-25026
< 7.10.5.0
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigu
< 7.10.5.0
Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users
<= 7.10.4.0
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticate
<= 7.10.4.0
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application does
<= 7.10.4.0
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /tr
<= 7.10.4.0
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the applica
< 7.9.5.1
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and acce
< 7.9.5.1
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resou