Imperva

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-45468 1Imperva 1Web Application Firewall Nov 21, 2024 Jan 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind...Show more Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.Show less
CVE-2011-5266 1Imperva 1Securesphere Web Application Firewall Nov 21, 2024 Jan 8, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
CVE-2018-16660 1Imperva 1Securesphere Nov 21, 2024 Apr 25, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
CVE-2018-5413 1Imperva 1Securesphere Nov 21, 2024 Jan 10, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.
CVE-2018-5412 1Imperva 1Securesphere Nov 21, 2024 Jan 10, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode.
CVE-2018-5403 1Imperva 1Securesphere Nov 21, 2024 Jan 10, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially cra...Show more Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface.Show less
CVE-2018-19646 1Imperva 1Securesphere Nov 21, 2024 Nov 28, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
CVE-2011-4887 1Imperva 1Securesphere Web Application Firewall May 6, 2026 Sep 11, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary we...Show more Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.Show less
CVE-2013-4095 1Imperva 1Securesphere Apr 29, 2026 Jun 28, 2013 N/A· v4 N/A· v3 6.5 MEDIUM· v2 plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field...Show more plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.Show less
CVE-2013-4094 1Imperva 1Securesphere Apr 29, 2026 Jun 28, 2013 N/A· v4 N/A· v3 6.5 MEDIUM· v2 The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public...Show more The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.Show less
CVE-2013-4093 1Imperva 1Securesphere Apr 29, 2026 Jun 28, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer....Show more The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.Show less
CVE-2013-4092 1Imperva 1Securesphere Apr 29, 2026 Jun 28, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessio...Show more The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history.Show less
CVE-2013-4091 1Imperva 1Securesphere Apr 29, 2026 Jun 28, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which mak...Show more The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.Show less
CVE-2011-0767 1Imperva 1Securesphere Web Application Firewall Apr 29, 2026 Jun 6, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML...Show more Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759.Show less
CVE-2010-1329 1Imperva 2Securesphere Database Firewall Securesphere Web Application Firewall Apr 29, 2026 Apr 15, 2010 N/A· v4 N/A· v3 7.8 HIGH· v2 Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string contain...Show more Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.Show less
CVE-2008-1463 1Imperva 2Securesphere Securesphere Mx Management Server Apr 23, 2026 Mar 24, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web...Show more Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.Show less