A vulnerability has been found in TOS Aurora between TOS 20-2 PGA and TOS 23-2 PGA. Details have been published in the Tufin Portal (Auth required):
Tufin points out that access to one API might be possible without authentication.
This issue is fixed in R23-2 PHF1.0.0, R23-1 PHF3.1.0, and R22-2 PHF4.1.0, respectively. For earlier versions it's recommended to upgrade to a supported one.