# Imperva Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK (CVSS) |
---|---|---|---|---|
2022-01-14 | CVE-2021-45468 | HTTP Request Smuggling vulnerability in Imperva Web Application Firewall | Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. | 9.8 |
2020-01-08 | CVE-2011-5266 | SQL Injection vulnerability in Imperva SecureSphere Web Application Firewall | Imperva SecureSphere Web Application Firewall (WAF) before 12 August 2010 allows SQL injection filter bypass. | 9.8 |
2019-04-25 | CVE-2018-16660 | OS Command Injection vulnerability in Imperva SecureSphere 13.0.10/13.1.10/13.2.10 | A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. | 8.8 |
2019-01-10 | CVE-2018-5413 | Incorrect Permission Assignment for Critical Resource vulnerability in Imperva SecureSphere 11.5/12.0/13.0 | Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low-privileged users to add SSH login keys to the admin user, resulting in privilege escalation. | 8.8 |
2019-01-10 | CVE-2018-5412 | Unspecified vulnerability in Imperva SecureSphere 12.0.0.50 | Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed mode. | 7.8 |
2019-01-10 | CVE-2018-5403 | Improper Authentication vulnerability in Imperva SecureSphere 13.0.10/13.1.10/13.2.10 | Imperva SecureSphere gateway (GW) running v13, both before and after First Time Login (FTL): if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests from the web access management interface. | 8.1 |
2018-11-28 | CVE-2018-19646 | OS Command Injection vulnerability in Imperva SecureSphere 13.0.10/13.1.10/13.2.10 | The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. | 9.8 |