CVE-2018-5403

Published: Jan 10, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.

Affected (3)

Products: Imperva: Securesphere

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Imperva Securesphere	Version 13.0.10
Imperva Securesphere	Version 13.1.10
Imperva Securesphere	Version 13.2.10

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://www.exploit-db.com/exploits/45542

Source: cret@cert.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/45542

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.