CVE-2018-16660

Name of the Vulnerable Software and Affected Versions Imperva SecureSphere versions 13.0.0.10 and 13.1.0.10 Gateway

Description A command injection issue in PWS allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.

Recommendations For Imperva SecureSphere version 13.0.0.10, update to a version that contains a fix for this issue. For Imperva SecureSphere version 13.1.0.10, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the PWS component to minimize the risk of exploitation.