Vulnerabilities > Imperva
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2021-45468 | HTTP Request Smuggling vulnerability in Imperva web Application Firewall Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. | 7.5 |
| 2020-01-08 | CVE-2011-5266 | SQL Injection vulnerability in Imperva Securesphere web Application Firewall Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | 7.5 |
| 2019-04-25 | CVE-2018-16660 | OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. | 9.0 |
| 2019-01-10 | CVE-2018-5413 | Incorrect Permission Assignment for Critical Resource vulnerability in Imperva Securesphere 11.5/12.0/13.0 Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. | 6.5 |
| 2019-01-10 | CVE-2018-5412 | Unspecified vulnerability in Imperva Securesphere 12.0.0.50 Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. | 7.2 |
| 2019-01-10 | CVE-2018-5403 | Improper Authentication vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface. | 6.8 |
| 2018-11-28 | CVE-2018-19646 | OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. | 10.0 |
| 2014-09-11 | CVE-2011-4887 | Cross-Site Scripting vulnerability in Imperva Securesphere web Application Firewall 9.0 Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 |
| 2013-06-28 | CVE-2013-4095 | Improper Input Validation vulnerability in Imperva Securesphere 9.0.0.5 plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field. | 6.5 |
| 2013-06-28 | CVE-2013-4094 | Improper Input Validation vulnerability in Imperva Securesphere 9.0.0.5 The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script. | 6.5 |