Vulnerabilities > Imperva > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2021-45468 HTTP Request Smuggling vulnerability in Imperva web Application Firewall
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
network
low complexity
imperva CWE-444
7.5
2020-01-08 CVE-2011-5266 SQL Injection vulnerability in Imperva Securesphere web Application Firewall
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
network
low complexity
imperva CWE-89
7.5
2019-01-10 CVE-2018-5412 Unspecified vulnerability in Imperva Securesphere 12.0.0.50
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
local
low complexity
imperva
7.2
2013-06-28 CVE-2013-4091 Credentials Management vulnerability in Imperva Securesphere 9.0.0.5
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network
low complexity
imperva CWE-255
7.5
2010-04-15 CVE-2010-1329 Unspecified vulnerability in Imperva products
Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.
network
low complexity
imperva crossbeamsystems
7.8