Imperva: >> Securesphere >> 13.0.10 Security Vulnerabilities
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
CVSS Score
8.8
EPSS Score
0.047
Published
2019-04-25
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.
CVSS Score
8.1
EPSS Score
0.047
Published
2019-01-10
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
CVSS Score
9.8
EPSS Score
0.026
Published
2018-11-28