Vulnerabilities > Imperva > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2022-01-14 | CVE-2021-45468 | HTTP Request Smuggling vulnerability in Imperva Web Application Firewall | critical 9.8
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
network, low complexity, imperva, CWE-444

2020-01-08 | CVE-2011-5266 | SQL Injection vulnerability in Imperva SecureSphere Web Application Firewall | critical 9.8
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
network, low complexity, imperva, CWE-89

2018-11-28 | CVE-2018-19646 | OS Command Injection vulnerability in Imperva SecureSphere 13.0.10/13.1.10/13.2.10 | critical 9.8
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
network, low complexity, imperva, CWE-78