Imperva

Securesphere

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 65.03%
  • Published 25.04.2019 20:29:01
  • Last modified 21.11.2024 03:53:09

A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.

Exploit
  • EPSS 4.67%
  • Published 10.01.2019 22:29:00
  • Last modified 21.11.2024 04:08:44

Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web ac...

Exploit
  • EPSS 0.16%
  • Published 10.01.2019 22:29:00
  • Last modified 21.11.2024 04:08:46

Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.

Exploit
  • EPSS 0.36%
  • Published 10.01.2019 22:29:00
  • Last modified 21.11.2024 04:08:46

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.

  • EPSS 2.61%
  • Published 28.11.2018 18:29:01
  • Last modified 21.11.2024 03:58:20

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.

  • EPSS 3.73%
  • Published 28.06.2013 23:55:12
  • Last modified 11.04.2025 00:51:21

plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [argum...

  • EPSS 2.86%
  • Published 28.06.2013 23:55:11
  • Last modified 11.04.2025 00:51:21

The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManag...

  • EPSS 5.04%
  • Published 28.06.2013 23:55:10
  • Last modified 11.04.2025 00:51:21

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which r...

  • EPSS 3.49%
  • Published 28.06.2013 23:55:09
  • Last modified 11.04.2025 00:51:21

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attack...

  • EPSS 6%
  • Published 28.06.2013 23:55:09
  • Last modified 11.04.2025 00:51:21

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp o...