Vulnerabilities > Imperva > Securesphere

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2018-16660 OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
network
low complexity
imperva CWE-78
critical
9.0
2019-01-10 CVE-2018-5413 Incorrect Permission Assignment for Critical Resource vulnerability in Imperva Securesphere 11.5/12.0/13.0
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
network
low complexity
imperva CWE-732
6.5
2019-01-10 CVE-2018-5412 Unspecified vulnerability in Imperva Securesphere 12.0.0.50
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
local
low complexity
imperva
7.2
2019-01-10 CVE-2018-5403 Improper Authentication vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.
network
imperva CWE-287
6.8
2018-11-28 CVE-2018-19646 OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
network
low complexity
imperva CWE-78
critical
10.0
2013-06-28 CVE-2013-4095 Improper Input Validation vulnerability in Imperva Securesphere 9.0.0.5
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
network
low complexity
imperva CWE-20
6.5
2013-06-28 CVE-2013-4094 Improper Input Validation vulnerability in Imperva Securesphere 9.0.0.5
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
network
low complexity
imperva CWE-20
6.5
2013-06-28 CVE-2013-4093 Path Traversal vulnerability in Imperva Securesphere 9.0.0.5
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.
network
low complexity
imperva CWE-22
5.0
2013-06-28 CVE-2013-4092 Credentials Management vulnerability in Imperva Securesphere 9.0.0.5
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history.
network
low complexity
imperva CWE-255
5.0
2013-06-28 CVE-2013-4091 Credentials Management vulnerability in Imperva Securesphere 9.0.0.5
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network
low complexity
imperva CWE-255
7.5