Lucene search

[email protected]CVE-2013-4091

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-4091

2022-10-0316:14:57

CWE-255

[email protected]

web.nvd.nist.gov

cve

securesphere operations manager

som

imperva

securesphere

nvd

security vulnerability

remote attack

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.6%

JSON

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Affected configurations

NVD

Node

impervasecuresphereMatch9.0.0.5

CPENameOperatorVersion
imperva:securesphereimperva securesphereeq9.0.0.5

CPE	Name	Operator	Version
imperva:securesphere	imperva securesphere	eq	9.0.0.5

References

packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html

www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for CVE-2013-4091

cvelist1 nvd1 prion1