Lucene search
MitreCVE-2013-4091HistoryJun 28, 2013 - 11:55 p.m.
CVE-2013-4091
2013-06-2823:55:09
CWE-255
mitre
web.nvd.nist.gov
27
cve
securesphere operations manager
som
imperva
securesphere
nvd
security vulnerability
remote attack
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.005
Percentile
77.5%
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Affected configurations
Node
impervasecuresphereMatch9.0.0.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| imperva | securesphere | 9.0.0.5 | cpe:2.3:a:imperva:securesphere:9.0.0.5:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2013-4091
2013-06-28 23:55:09
cvelist
cvelist
CVE-2013-4091
2013-06-28 23:00:00
prion
prion
Design/Logic Flaw
2013-06-28 23:55:00
exploitdb
exploitdb
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
2013-06-05 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.005
Percentile
77.5%
Related for CVE-2013-4091