Vulnerabilities > Imperva > Securesphere > 13.2.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-25 | CVE-2018-16660 | OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. | 8.8 |
| 2019-01-10 | CVE-2018-5403 | Improper Authentication vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface. | 8.1 |
| 2018-11-28 | CVE-2018-19646 | OS Command Injection vulnerability in Imperva Securesphere 13.0.10/13.1.10/13.2.10 The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. | 9.8 |