Lucene search
K
ImpervaSecuresphere

11 matches found

CVE
CVE
added 2013/06/28 11:0 p.m.50 views

CVE-2013-4093

CVE-2013-4093 affects Imperva SecureSphere SOM 9.0.0.5 (Management Server). The vulnerability allows remote attackers to leak sensitive information through two paths: (1) direct access to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr reveals the installation path in s0.filePat...

5CVSS6.4AI score0.06883EPSS
Web
CVE
CVE
added 2013/06/28 11:0 p.m.49 views

CVE-2013-4091

Affected product: Imperva SecureSphere SOM Management Server (SOM) version 9.0.0.5. Vulnerability: The secsphLogin.jsp login page’s j_password field does not have an off autocomplete attribute, enabling password exposure on unattended workstations. Impact/Context: This condition can make it easie...

7.5CVSS6.9AI score0.05594EPSS
CVE
CVE
added 2013/06/28 11:0 p.m.48 views

CVE-2013-4094

CVE-2013-4094 concerns Imperva SecureSphere 9.0.0.5, where the Key Management feature in the SOM Management Server allows remote authenticated users to upload executable files via the private_key or public_key parameters in a T/keyManagement request to plain/settings.html, demonstrated by Linux E...

6.5CVSS6.5AI score0.05629EPSS
Web
CVE
CVE
added 2019/04/25 7:40 p.m.46 views

CVE-2018-16660

CVE-2018-16660 affects Imperva SecureSphere Gateway PWS in versions 13.0.0.10 and 13.1.0.10. The vulnerability is a command injection that, when an attacker has authenticated access, can cause arbitrary OS commands to be executed on the vulnerable installation. CVSS metrics from NVD indicate a hi...

9CVSS8.9AI score0.18567EPSS
CVE
CVE
added 2019/01/10 10:0 p.m.46 views

CVE-2018-5412

CVE-2018-5412 : Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution (escaping sealed-mode). The connected records corroborate a local arbitrary code execution risk in Imperva SecureSphere 12.0.0.50. The CVE entry itself notes a local attack vector with high imp...

7.8CVSS7.6AI score0.00611EPSS
CVE
CVE
added 2013/06/28 11:0 p.m.45 views

CVE-2013-4092

The CVE-2013-4092 entry concerns Imperva SecureSphere SOM (Management Server) version 9.0.0.5. The issue enables context‑dependent attackers to obtain sensitive information by exploiting (1) a session ID in the jsessionid field to access secsphLogin.jsp or (2) credentials in the j_password parame...

5CVSS6.2AI score0.04865EPSS
CVE
CVE
added 2018/11/28 5:0 p.m.45 views

CVE-2018-19646

CVE-2018-19646 affects Imperva SecureSphere Personal Web Server (PWS) CGI scripts. Vulnerable component: Python CGI scripts in PWS versions 13.0.10, 13.1.10, and 13.2.10. Root cause: command-line arguments are mishandled, allowing remote attackers to execute arbitrary OS commands. Impact: high se...

10CVSS9.7AI score0.0345EPSS
CVE
CVE
added 2013/06/28 11:0 p.m.43 views

CVE-2013-4095

Imperva SecureSphere SOM Management Server (v9.0.0.5) is affected by CVE-2013-4095. Remote authenticated users can execute arbitrary commands via a task payload using a [command].value field together with an [arguments].value field. The description is consistent across multiple sources (NVD/Red H...

6.5CVSS7.3AI score0.05885EPSS
Web
CVE
CVE
added 2019/01/10 10:0 p.m.43 views

CVE-2018-5403

CVE-2018-5403 affects Imperva SecureSphere gateway (GW) running v13. The vulnerability allows remote code execution via specially crafted requests to the web access management interface, applicable for both pre-First Time Login and post-First Time Login (FTL) when an attacker knows the basic auth...

8.1CVSS8.1AI score0.02413EPSS
CVE
CVE
added 2019/01/10 10:0 p.m.39 views

CVE-2018-5413

CVE-2018-5413 affects Imperva SecureSphere versions 11.5, 12.0 and 13.0. A low-privilege user can add SSH keys to the administrator’s authorized_keys, enabling privilege escalation. The CNVD entry specifies the elevation of privilege vector and notes the exploitability; no patch/mitigation detail...

8.8CVSS8.4AI score0.01255EPSS
CVE
CVE
added 2008/03/24 9:0 p.m.38 views

CVE-2008-1463

CVE-2008-1463 describes a cross-site scripting (XSS) vulnerability in the management GUI of Imperva SecureSphere MX Management Server 5.0. The issue arises when processing an invalid or prohibited request to a web server protected by SecureSphere, allowing an attacker to inject arbitrary web scri...

4.3CVSS5.9AI score0.01582EPSS