Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Searchable List of CVE Coverage.

    Posted 03-08-2022 16:24
    Good Day,

    As we continue to move all of our externally facing sites to the WAF, our vulnerability management team is always asking "Will the WAF cover CVE-XXXX?"

    The big ones that hit the news are usually listed in a blog, but obscure old ones i can never with confidence find a direct answer.

    Do i need to open a case everytime to find something that seems simple?  Or am i over-looking an obvious link to what is covered?

    Example this week...Can you please also check on CVE-2018-8039 and CVE-2018-1258?

    thanks to all that take time to read and answer.
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Walter Dodson
    Senior Information Security Engineer
    Columbus OH
    ------------------------------


  • 2.  RE: Searchable List of CVE Coverage.

    Posted 03-09-2022 05:41

    Hi Walter,

    For a start, I would suggest that you check out this link: Recently Mitigated CVEs

    Searching the specific CVE on the support portal will also turn up any results from across community, documentation and knowledgebase. 

    Thanks, 



    ------------------------------
    Sarah Lamont(csp)
    Digital Community Manager
    ------------------------------



  • 3.  RE: Searchable List of CVE Coverage.

    Posted 03-09-2022 05:47

    Hi Walter,

    The link that Sarah mentions is correct.

    However, from a support perspective, we can check on individual CVE queries raised by customers, that do not appear on that list.  We can provide the current status (protected OOTB, not in scope for the product or pending etc.) & involve a wider team when necessary.

    In this case those 2 CVEs we would need to run a check, so I would advise, in this instance, that you raise a support case.

    Thanks,



    ------------------------------
    Mark McGarrigan
    Technical User
    Tel Aviv CA
    ------------------------------