CVE-2013-4091
high
CVSS v3
—
VIR risk
7.5
Description
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| imperva | securesphere | 9.0.0.5 | |
References
- http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html
- http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt
- http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html
- http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt
CWEs
CWE-255
💬 Discuss CVE-2013-4091 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.