Vulnerabilities > Imperva
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-28 | CVE-2013-4093 | Path Traversal vulnerability in Imperva Securesphere 9.0.0.5 The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message. | 5.0 |
| 2013-06-28 | CVE-2013-4092 | Credentials Management vulnerability in Imperva Securesphere 9.0.0.5 The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history. | 5.0 |
| 2013-06-28 | CVE-2013-4091 | Credentials Management vulnerability in Imperva Securesphere 9.0.0.5 The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 7.5 |
| 2011-06-06 | CVE-2011-0767 | Cross-Site Scripting vulnerability in Imperva Securesphere web Application Firewall Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759. | 4.3 |
| 2010-04-15 | CVE-2010-1329 | Unspecified vulnerability in Imperva products Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. | 7.8 |
| 2008-03-24 | CVE-2008-1463 | Cross-Site Scripting vulnerability in Imperva Securesphere and Securesphere MX Management Server Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page. | 4.3 |