Securesphere
CVE-2013-4095
MEDIUM
Severity by source
AV:N/AC:L/Au:S/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
AnalysisAI
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field. Affected products include: Imperva Securesphere.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Securesphere
View allThe Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute ar
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocom
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent att
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to o
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today