CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50969
https://notcve.org/view.php?id=CVE-2023-50969
28 Mar 2024 — Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. Thales Imperva SecureSphere WAF 14.7.0.40 permite a atacantes remotos eludir las reglas WAF mediante una solicitud POST manipulada, una vulnerabilidad diferente a CVE-2021-45468. • https://docs.imperva.com/bundle/v14.7-waf-administration-guide/page/9282.htm •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 2CVE-2021-45468
https://notcve.org/view.php?id=CVE-2021-45468
14 Jan 2022 — Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF. Imperva Web Application Firewall (WAF) versiones anteriores a 31-12-2021 permite a atacantes remotos no autenticados usar "Content-Encoding: gzip" para omitir los controles de seguridad del WAF y enviar peticiones HTTP POST maliciosas a servidores web detrás del WAF • https://github.com/0xhaggis/Imperva_gzip_bypass • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2011-5266
https://notcve.org/view.php?id=CVE-2011-5266
08 Jan 2020 — Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. Imperva SecureSphere Web Application Firewall (WAF) antes del 12 de agosto de 2010, permite omitir el filtro de inyección SQL. • http://seclists.org/fulldisclosure/2011/May/163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 4%CPEs: 3EXPL: 1CVE-2018-16660
https://notcve.org/view.php?id=CVE-2018-16660
25 Apr 2019 — A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. Una vulnerabilidad de inyección de comandos en PWS en Imperva SecureSphere versión 13.0.0.10 y 13.1.0.10 Gateway, permite a un atacante con acceso autenticado ejecutar comandos arbitrarios del SO en una instalación vulnerable. • https://www.exploit-db.com/exploits/45542 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 4%CPEs: 3EXPL: 1CVE-2018-5403
https://notcve.org/view.php?id=CVE-2018-5403
10 Jan 2019 — Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface. La puerta de enlace Imperva SecureSphere (GW) que ejecuta la versión 13, tanto para pre o post FTL (First Time Login), si el atacante conoce las contraseñas básicas de autenticación, el GW podría ser vulnerable a la ejecución remota de... • https://www.exploit-db.com/exploits/45542 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5412
https://notcve.org/view.php?id=CVE-2018-5412
10 Jan 2019 — Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. Imperva SecureSphere v12.0.0.50 es vulnerable a la ejecución de código arbitrario local, escapando del modo sealed. • https://www.exploit-db.com/exploits/45132 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-5413
https://notcve.org/view.php?id=CVE-2018-5413
10 Jan 2019 — Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation. Imperva SecureSphere v13.0, v12.0 o v11.5 permite que usuarios con pocos privilegios añadan claves de inicio de sesión SSH al usuario administrador, lo que resulta en un escalado de privilegios. • https://www.exploit-db.com/exploits/45130 • CWE-250: Execution with Unnecessary Privileges CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2018-19646
https://notcve.org/view.php?id=CVE-2018-19646
28 Nov 2018 — The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. Los scripts Python CGI en PWS en Imperva SecureSphere 13.0.10, 13.1.10 y 13.2.10 permiten que los atacantes remotos ejecuten comandos arbitrarios del sistema operativo debido a que los argumentos de la línea de comandos se gestionan de manera incorrecta. • https://www.exploit-db.com/exploits/45542 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4887
https://notcve.org/view.php?id=CVE-2011-4887
11 Sep 2014 — Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. Vulnerabilidad de XSS en la tabla de violaciones en la GUI de gestión en el servidor MX Management en Imperva SecureSphere Web Application Firewall (WAF) 9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través d... • http://osvdb.org/79338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2013-4091 – Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4091
28 Jun 2013 — The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. SecureSphere Operations Manager (SOM) Management Server en Imperva SecureSphere v9.0.0.5 no tiene un atributo de autocompletar para el campo de la contraseña (aka j_password)en la página de inicio de ... • https://www.exploit-db.com/exploits/25977 • CWE-255: Credentials Management Errors •