Critical Vulnerability in Imperva SecureSphere Web Application Firewall
Summary
The critical vulnerability could allow an attacker to bypass Web Application Firewall (WAF) rules
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Imperva have released a security update to address a critical vulnerability in SecureSphere Web Application Firewall (WAF). Imperva SecureSphere WAF is an on-premise firewall that is used to inspect, monitor, and block traffic to web applications.
The vulnerability, assigned CVE-2023-50969, has a CVSSv3 score of 9.8 and could allow an attacker to bypass WAF rules.
Remediation advice
Affected organisations are encouraged to review the Imperva Knowledgebase Article and apply the relevant updates.
Remediation steps
Type | Step |
---|---|
Patch | This vulnerability can be remediated by applying the Application Defense Centre (ADC) rule update that was released on February 26, 2024. https://docs.imperva.com/bundle/z-kb-articles-km/page/f81a5705.html |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 2 April 2024 1:43 pm