Imperva: Security Vulnerabilities
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
CVSS Score
9.8
EPSS Score
0.308
Published
2022-01-14
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-01-08
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
CVSS Score
8.8
EPSS Score
0.047
Published
2019-04-25
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.
CVSS Score
8.1
EPSS Score
0.047
Published
2019-01-10
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-01-10
Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-01-10
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
CVSS Score
9.8
EPSS Score
0.026
Published
2018-11-28
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-09-11
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
CVSS Score
6.5
EPSS Score
0.037
Published
2013-06-28
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
CVSS Score
6.5
EPSS Score
0.029
Published
2013-06-28
Page 1