Vulnerabilities > Imperva > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2019-04-25 | CVE-2018-16660 | OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 | A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. | network | low complexity | imperva CWE-78 | 8.8 |
| 2019-01-10 | CVE-2018-5413 | Incorrect Permission Assignment for Critical Resource vulnerability in Imperva Securesphere 11.5/12.0/13.0 | Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. | network | low complexity | imperva CWE-732 | 8.8 |
| 2019-01-10 | CVE-2018-5412 | Unspecified vulnerability in Imperva Securesphere 12.0.0.50 | Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. | local | low complexity | imperva | 7.8 |
| 2019-01-10 | CVE-2018-5403 | Improper Authentication vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 | An Imperva SecureSphere gateway (GW) running v13, whether pre-First Time Login or post-First Time Login (FTL), may be vulnerable to RCE through specially crafted requests from the web access management interface if the attacker knows the basic authentication passwords. | network | high complexity | imperva CWE-287 | 8.1 |