Vulnerabilities > Imperva > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-01-14 | CVE-2021-45468 | HTTP Request Smuggling vulnerability in Imperva Web Application Firewall | Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. | 7.5 |
2020-01-08 | CVE-2011-5266 | SQL Injection vulnerability in Imperva SecureSphere Web Application Firewall | Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | 7.5 |
2019-01-10 | CVE-2018-5412 | Unspecified vulnerability in Imperva SecureSphere 12.0.0.50 | Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. | 7.2 |
2013-06-28 | CVE-2013-4091 | Credentials Management vulnerability in Imperva SecureSphere 9.0.0.5 | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 7.5 |
2010-04-15 | CVE-2010-1329 | Unspecified vulnerability in Imperva products | Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation. | 7.8 |