CVE-2013-4095

Name of the Vulnerable Software and Affected Versions Imperva SecureSphere version 9.0.0.5

Description The issue allows remote authenticated users to execute arbitrary commands. This is achieved by creating a task with a command field in conjunction with an arguments field in the plain/actionsets.html page of the SecureSphere Operations Manager (SOM) Management Server.

Recommendations For Imperva SecureSphere version 9.0.0.5, consider restricting access to the plain/actionsets.html page to prevent unauthorized command execution. As a temporary workaround, limit the ability to create tasks with command and arguments fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.