CVE-2013-4091 - Credentials Management vulnerability in Imperva SecureSphere 9.0.0.5

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, imperva, CWE-255, exploit available

Summary

The secsphLogin.jsp login page of the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not set autocomplete="off" on the password field (j_password), which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Vulnerable Configurations

Part | Description | Count
Application | Imperva | 1

Common Weakness Enumeration (CWE)

Exploit-Db

description: Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities. CVE-2013-4091,CVE-2013-4092,CVE-2013-4093,CVE-2013-4094,CVE-2013-4095. Webapps ex...
id: EDB-ID:25977
last seen: 2016-02-03
modified: 2013-06-05
published: 2013-06-05
reporter: Pedro Andujar
source: https://www.exploit-db.com/download/25977/
title: Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities