Vulnerabilities > Imperva

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2021-45468 HTTP Request Smuggling vulnerability in Imperva web Application Firewall
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
network
low complexity
imperva CWE-444
7.5
2020-01-08 CVE-2011-5266 SQL Injection vulnerability in Imperva Securesphere web Application Firewall
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
network
low complexity
imperva CWE-89
7.5
2019-04-25 CVE-2018-16660 OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
network
low complexity
imperva CWE-78
critical
9.0
2019-01-10 CVE-2018-5413 Incorrect Permission Assignment for Critical Resource vulnerability in Imperva Securesphere 11.5/12.0/13.0
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
network
low complexity
imperva CWE-732
6.5
2019-01-10 CVE-2018-5412 Unspecified vulnerability in Imperva Securesphere 12.0.0.50
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
local
low complexity
imperva
7.2
2019-01-10 CVE-2018-5403 Improper Authentication vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.
network
imperva CWE-287
6.8
2018-11-28 CVE-2018-19646 OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
network
low complexity
imperva CWE-78
critical
10.0
2014-09-11 CVE-2011-4887 Cross-Site Scripting vulnerability in Imperva Securesphere web Application Firewall 9.0
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
network
imperva CWE-79
4.3
2013-06-28 CVE-2013-4095 Improper Input Validation vulnerability in Imperva Securesphere 9.0.0.5
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
network
low complexity
imperva CWE-20
6.5
2013-06-28 CVE-2013-4094 Improper Input Validation vulnerability in Imperva Securesphere 9.0.0.5
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
network
low complexity
imperva CWE-20
6.5