11 matches found
CVE-2013-4093
CVE-2013-4093 affects Imperva SecureSphere SOM 9.0.0.5 (Management Server). The vulnerability allows remote attackers to leak sensitive information through two paths: (1) direct access to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr reveals the installation path in s0.filePat...
CVE-2013-4091
Affected product: Imperva SecureSphere SOM Management Server (SOM) version 9.0.0.5. Vulnerability: The secsphLogin.jsp login page’s j_password field does not have an off autocomplete attribute, enabling password exposure on unattended workstations. Impact/Context: This condition can make it easie...
CVE-2013-4094
CVE-2013-4094 concerns Imperva SecureSphere 9.0.0.5, where the Key Management feature in the SOM Management Server allows remote authenticated users to upload executable files via the private_key or public_key parameters in a T/keyManagement request to plain/settings.html, demonstrated by Linux E...
CVE-2018-16660
CVE-2018-16660 affects Imperva SecureSphere Gateway PWS in versions 13.0.0.10 and 13.1.0.10. The vulnerability is a command injection that, when an attacker has authenticated access, can cause arbitrary OS commands to be executed on the vulnerable installation. CVSS metrics from NVD indicate a hi...
CVE-2018-5412
CVE-2018-5412 : Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution (escaping sealed-mode). The connected records corroborate a local arbitrary code execution risk in Imperva SecureSphere 12.0.0.50. The CVE entry itself notes a local attack vector with high imp...
CVE-2013-4092
The CVE-2013-4092 entry concerns Imperva SecureSphere SOM (Management Server) version 9.0.0.5. The issue enables context‑dependent attackers to obtain sensitive information by exploiting (1) a session ID in the jsessionid field to access secsphLogin.jsp or (2) credentials in the j_password parame...
CVE-2018-19646
CVE-2018-19646 affects Imperva SecureSphere Personal Web Server (PWS) CGI scripts. Vulnerable component: Python CGI scripts in PWS versions 13.0.10, 13.1.10, and 13.2.10. Root cause: command-line arguments are mishandled, allowing remote attackers to execute arbitrary OS commands. Impact: high se...
CVE-2013-4095
Imperva SecureSphere SOM Management Server (v9.0.0.5) is affected by CVE-2013-4095. Remote authenticated users can execute arbitrary commands via a task payload using a [command].value field together with an [arguments].value field. The description is consistent across multiple sources (NVD/Red H...
CVE-2018-5403
CVE-2018-5403 affects Imperva SecureSphere gateway (GW) running v13. The vulnerability allows remote code execution via specially crafted requests to the web access management interface, applicable for both pre-First Time Login and post-First Time Login (FTL) when an attacker knows the basic auth...
CVE-2018-5413
CVE-2018-5413 affects Imperva SecureSphere versions 11.5, 12.0 and 13.0. A low-privilege user can add SSH keys to the administrator’s authorized_keys, enabling privilege escalation. The CNVD entry specifies the elevation of privilege vector and notes the exploitability; no patch/mitigation detail...
CVE-2008-1463
CVE-2008-1463 describes a cross-site scripting (XSS) vulnerability in the management GUI of Imperva SecureSphere MX Management Server 5.0. The issue arises when processing an invalid or prohibited request to a web server protected by SecureSphere, allowing an attacker to inject arbitrary web scri...