Imperva SecureSphere 安全漏洞

Imperva SecureSphere is a suite of high-performance, centralized data security protection and management products from Imperva, USA. The product provides unified auditing, reporting and logging of different SecureSphere products, visualization of security status and real-time monitoring of events...

CVE-2018-16660

A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation...

CVE-2018-5403

Imperva SecureSphere gateway GW running v13, for both pre-First Time Login or post-First Time Login FTL, if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...

Imperva SecureSphere Web Application Firewall Detects Bypass Vulnerabilities

Imperva SecureSphere Web Application Firewall is a WEB application firewall that protects web applications and sensitive data. A detection bypass vulnerability exists in the a parameter of the sqli.asp page in Imperva version 11.5, which can be exploited by attackers to bypass security restrictio...