Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
Max CVSS: 9.8 | EPSS Score: 0.80% | Published: 2022-01-14 | Updated: 2022-01-21
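The evasion described in the entry above works when the inspection engine matches its signatures against the bytes on the wire while the origin server decompresses the body first, so the two see different content. The following added example is not Imperva's code and does not describe the patched engine: it contrasts a naive inspector that misses a gzip-encoded payload with one that applies Content-Encoding, with a decoded-size cap, before matching. The payload, the SQL-injection signature and the size limit are constructed for illustration.

```python
import gzip
import re
import zlib

# Constructed request payload and signature, not a real WAF rule or a real
# attack string from the advisory. The size cap is an assumption.
MALICIOUS_BODY = b"user=admin&q=' OR 1=1 -- "
SQLI_SIGNATURE = re.compile(rb"(?i)'\s*or\s+1\s*=\s*1")
MAX_DECODED = 1024 * 1024  # refuse bodies that inflate past this (compression bombs)


def build_post(body: bytes, compress: bool):
    """Return (headers, body) for a POST, gzip-encoding the body if requested."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if compress:
        headers["Content-Encoding"] = "gzip"
        body = gzip.compress(body)
    headers["Content-Length"] = str(len(body))
    return headers, body


def inspect_naive(headers: dict, body: bytes) -> bool:
    """The flawed approach: match signatures against the bytes on the wire."""
    return SQLI_SIGNATURE.search(body) is not None


def decode_body(headers: dict, body: bytes) -> bytes:
    """Apply Content-Encoding the way the origin server will, with a size cap."""
    encoding = headers.get("Content-Encoding", "identity").lower()
    if encoding == "identity":
        return body
    if encoding == "gzip":
        d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
    elif encoding == "deflate":
        d = zlib.decompressobj()  # zlib-wrapped deflate, as RFC 9110 specifies
    else:
        raise ValueError(f"unsupported Content-Encoding: {encoding}")
    out = d.decompress(body, MAX_DECODED)
    if d.unconsumed_tail:
        # Input left over after MAX_DECODED bytes of output: refuse to inspect.
        raise ValueError("decoded body exceeds inspection limit")
    return out


def inspect_hardened(headers: dict, body: bytes) -> bool:
    """Inspect what the origin server will see; fail closed if it cannot be decoded."""
    try:
        decoded = decode_body(headers, body)
    except (ValueError, zlib.error):
        return True
    return SQLI_SIGNATURE.search(decoded) is not None
```

The check a practitioner wants from a WAF is therefore simple to express: send the same payload twice, once plain and once with `Content-Encoding: gzip`, and confirm both are blocked; an engine that only blocks the first is inspecting the wrong bytes. Failing closed on undecodable or oversized bodies is the safe default, since an attacker who cannot get a body past the decoder gains nothing from sending it.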
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
Max CVSS: 10.0 | EPSS Score: 0.28% | Published: 2018-11-28 | Updated: 2019-02-04
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
Max CVSS: 9.0 | EPSS Score: 0.36% | Published: 2019-04-25 | Updated: 2019-04-29
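Both PWS entries above describe the same bug class: a CGI handler builds an OS command from request data and the arguments are not handled safely. The following added example is a constructed stand-in, not the PWS scripts themselves; the parameter name `host`, the allowlist regex and the use of `echo` in place of a real diagnostic tool are assumptions. It contrasts splicing the value into a shell string, quoting it with `shlex.quote`, and the argv-list form with allowlist validation.

```python
import re
import shlex
import subprocess
from urllib.parse import parse_qs

# Constructed stand-in for a CGI handler, not the PWS scripts. The 'host'
# parameter, the allowlist regex and the use of 'echo' (in place of a real
# diagnostic tool such as ping) are assumptions made for this example.

# A hostname: alphanumerics, dots and hyphens, and no leading hyphen so the
# value can never be read as an option by the tool that receives it.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def param(query_string: str, name: str) -> str:
    """Fetch one parameter from a CGI QUERY_STRING, as a CGI script would."""
    values = parse_qs(query_string, keep_blank_values=True).get(name)
    if not values:
        raise ValueError(f"missing parameter {name}")
    return values[0]


def run_vulnerable(query_string: str) -> str:
    """Splices the raw parameter into a shell command line (the bug class)."""
    host = param(query_string, "host")
    # /bin/sh interprets ';', '|', '`' and '$(...)' inside the value.
    cmd = "echo checking " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(query_string: str) -> str:
    """Quoting neutralises shell metacharacters but still passes any string on."""
    host = param(query_string, "host")
    cmd = "echo checking " + shlex.quote(host)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hardened(query_string: str) -> str:
    """Validates against an allowlist and hands the value over as one argv element."""
    host = param(query_string, "host")
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("invalid hostname")
    # No shell is involved, so the value reaches the program as a single argument.
    result = subprocess.run(["echo", "checking", host], capture_output=True, text=True)
    return result.stdout
```

Quoting alone is the weaker fix: it stops the shell from interpreting the value, but a value such as `-n` still reaches the tool as an argument and may be parsed as an option. The argv form plus an allowlist that forbids a leading hyphen closes both paths.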
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low-privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
Max CVSS: 8.8 | EPSS Score: 0.65% | Published: 2019-01-10 | Updated: 2019-10-09
Imperva SecureSphere running v12.0.0.50 allows local arbitrary code execution that escapes sealed mode.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2019-01-10 | Updated: 2019-10-09
Imperva SecureSphere gateway (GW) running v13, both before and after First Time Login (FTL), may be vulnerable to RCE through specially crafted requests to the web access management interface if the attacker knows the basic-authentication passwords.
Max CVSS: 8.1 | EPSS Score: 57.19% | Published: 2019-01-10 | Updated: 2019-10-09
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
Max CVSS: 6.5 | EPSS Score: 0.12% | Published: 2013-06-28 | Updated: 2013-07-01
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
Max CVSS: 6.5 | EPSS Score: 0.15% | Published: 2013-06-28 | Updated: 2013-07-01
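Two entries on this page concern SSH key material: the v11.5 to v13.0 entry in which low-privileged users can add keys to the admin account (an authorization gap), and the SOM 9.0.0.5 Key Management entry above in which the private_key and public_key parameters accept arbitrary files such as an ELF binary or a shell script (a content-validation gap). The following added example is a constructed handler, not SecureSphere code; the user model, the roles and the key-type allowlist are assumptions. It authorizes before touching another account, verifies that a public key is an OpenSSH line whose base64 blob carries the declared key type, and checks that a private key at least has PEM framing around a base64 body.

```python
import base64
import binascii
import re
import struct
from dataclasses import dataclass, field

# Constructed key-management handler, not SecureSphere code. The user model,
# the roles and the key-type allowlist are assumptions made for this example.


@dataclass
class User:
    name: str
    role: str  # "admin" or "user"
    authorized_keys: list = field(default_factory=list)


USERS = {"admin": User("admin", "admin"), "alice": User("alice", "user")}

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
OPENSSH_LINE = re.compile(r"^(\S+) ([A-Za-z0-9+/=]+)(?: [^\r\n]*)?$")
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+PRIVATE KEY)-----$")


def parse_public_key(text: str) -> str:
    """Return the key type of an OpenSSH public-key line, or raise ValueError."""
    text = text.strip()
    if len(text) > 16384 or "\n" in text:
        raise ValueError("public key must be a single line")
    m = OPENSSH_LINE.match(text)
    if not m:
        raise ValueError("not an OpenSSH public-key line")
    ktype, b64 = m.group(1), m.group(2)
    if ktype not in KEY_TYPES:
        raise ValueError(f"unsupported key type {ktype}")
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as e:
        raise ValueError("key blob is not valid base64") from e
    # SSH wire format: the blob begins with a length-prefixed copy of the type
    # string, so a blob that is really an ELF file or a script fails here.
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key blob type does not match declared type")
    return ktype


def check_pem_private_key(text: str) -> str:
    """Check PEM framing and a base64 body; returns the PEM label.

    Framing only: a deployment should also parse the key (for example with
    the cryptography package) before storing it."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3:
        raise ValueError("not a PEM block")
    m = PEM_BEGIN.match(lines[0])
    if not m or lines[-1] != f"-----END {m.group(1)}-----":
        raise ValueError("PEM header/footer missing or mismatched")
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error as e:
        raise ValueError("PEM body is not base64") from e
    return m.group(1)


def add_ssh_key_vulnerable(caller: str, target: str, key_text: str) -> None:
    """The bug class: no authorization check and no content check."""
    USERS[target].authorized_keys.append(key_text)


def add_ssh_key(caller: str, target: str, key_text: str) -> None:
    """Hardened: authorize before touching another account, then validate the material."""
    c, t = USERS[caller], USERS[target]
    if c.name != t.name and c.role != "admin":
        raise PermissionError(f"{caller} may not modify keys of {target}")
    parse_public_key(key_text)
    t.authorized_keys.append(key_text.strip())


def make_sample_ed25519_key() -> str:
    """Constructed ed25519 public key with an all-zero point: valid framing, not usable."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " test@example"
```

The order of the checks matters: the authorization decision is made on the caller and target identities before any key content is parsed, so a low-privileged caller cannot even reach the validator for another account, and the validator rejects anything that is not structurally an SSH key regardless of who submits it.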
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not set autocomplete=off on the password (aka j_password) field of the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Max CVSS: 7.5 | EPSS Score: 0.34% | Published: 2013-06-28 | Updated: 2013-07-01
Imperva SecureSphere Web Application Firewall (WAF) before 12 August 2010 allows SQL injection filter bypass.
Max CVSS: 9.8 | EPSS Score: 0.23% | Published: 2020-01-08 | Updated: 2020-01-15
Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.
Max CVSS: 7.8 | EPSS Score: 0.30% | Published: 2010-04-15 | Updated: 2018-10-10
11 vulnerabilities found