Vulnerabilities > Imperva

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-14	CVE-2021-45468	HTTP Request Smuggling vulnerability in Imperva web Application Firewall Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. network low complexity imperva CWE-444 critical	9.8
2020-01-08	CVE-2011-5266	SQL Injection vulnerability in Imperva Securesphere web Application Firewall Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. network low complexity imperva CWE-89 critical	9.8
2019-04-25	CVE-2018-16660	OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. network low complexity imperva CWE-78	8.8
2019-01-10	CVE-2018-5413	Incorrect Permission Assignment for Critical Resource vulnerability in Imperva Securesphere 11.5/12.0/13.0 Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. network low complexity imperva CWE-732	8.8
2019-01-10	CVE-2018-5412	Unspecified vulnerability in Imperva Securesphere 12.0.0.50 Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. local low complexity imperva	7.8
2019-01-10	CVE-2018-5403	Improper Authentication vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface. network high complexity imperva CWE-287	8.1
2018-11-28	CVE-2018-19646	OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. network low complexity imperva CWE-78 critical	9.8

Vulnerabilities > Imperva {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Imperva"}]}

Vulnerabilities > Imperva