Vulnerabilities > Imperva

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2021-45468 HTTP Request Smuggling vulnerability in Imperva web Application Firewall
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
network
low complexity
imperva CWE-444
critical
9.8
2020-01-08 CVE-2011-5266 SQL Injection vulnerability in Imperva Securesphere web Application Firewall
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
network
low complexity
imperva CWE-89
critical
9.8
2019-04-25 CVE-2018-16660 OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
network
low complexity
imperva CWE-78
8.8
2019-01-10 CVE-2018-5413 Incorrect Permission Assignment for Critical Resource vulnerability in Imperva Securesphere 11.5/12.0/13.0
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
network
low complexity
imperva CWE-732
8.8
2019-01-10 CVE-2018-5412 Unspecified vulnerability in Imperva Securesphere 12.0.0.50
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
local
low complexity
imperva
7.8
2019-01-10 CVE-2018-5403 Improper Authentication vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.
network
high complexity
imperva CWE-287
8.1
2018-11-28 CVE-2018-19646 OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
network
low complexity
imperva CWE-78
critical
9.8