CVE-2018-5412
https://notcve.org/view.php?id=CVE-2018-5412
Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. • https://www.exploit-db.com/exploits/45132 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-19646
https://notcve.org/view.php?id=CVE-2018-19646
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. • https://www.exploit-db.com/exploits/45542 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2011-4887
https://notcve.org/view.php?id=CVE-2011-4887
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. • http://osvdb.org/79338 http://secunia.com/advisories/48086 http://www.imperva.com/Services/adc_advisories_response_secureworks_CVE_2011_4887 http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-002 http://www.securityfocus.com/bid/52064 https://exchange.xforce.ibmcloud.com/vulnerabilities/73264 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4094 – Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4094
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script. • https://www.exploit-db.com/exploits/25977 http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt • CWE-20: Improper Input Validation
CVE-2013-4091 – Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4091
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. • https://www.exploit-db.com/exploits/25977 http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt • CWE-255: Credentials Management Errors