Imperva SecureSphere Vulnerability -CVE-2023-50969
Share this:
A newly discovered vulnerability in Imperva SecureSphere, a widely used on-premises Web Application Firewall (WAF), has the potential to expose organizations to devastating security breaches.
The vulnerability tracked as CVE-2023-50969 with a critical CVSS score of 9.8, could allow attackers to bypass security rules designed to prevent common web attacks like SQL injection and cross-site scripting.
Security researcher HoyaHaxa has revealed technical details of the vulnerability, demonstrating how a malicious actor could exploit it. By manipulating the “Content-Encoding” headers in HTTP requests and sending specifically encoded POST data, attackers can effectively slip malicious payloads past the WAF’s defenses. Successful exploitation would enable attackers to target vulnerabilities within applications that the WAF was supposed to protect.
Imperva has confirmed that the CVE-2023-50969 vulnerability affects specific versions of SecureSphere WAF. Organizations with Imperva SecureSphere WAF v14.7.0.40 are at risk. Imperva Cloud WAF customers are not affected.
Apply the ADC rule update released by Imperva on February 26, 2024. Imperva customers can find detailed instructions in the official documentation https://docs.imperva.com/bundle/z-kb-articles-km/page/f81a5705.html on the Imperva Support Portal.
Conduct a thorough audit of your web applications, paying close attention to any known vulnerabilities that were previously protected by the WAF. Consider additional security measures such as vulnerability scanning and penetration testing to strengthen your defenses.
