Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  CVE Coverage

    Posted 11-12-2022 23:38
    Dear Team,

    Hope you're all doing good

    While checking CVE coverage, we found some CVE's not found in Securesphere or Imperva recently mitigated CVE's. Let me know, how Imperva covering below mentioned CVE's in WAF.

    CVE's:
    CVE-2022-29404
    CVE-2022-30522
    CVE-2022-22721
    CVE-2021-44790
    CVE-2022-35947
    CVE-2022-0543

    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Jagadesh Kumar R
    Inormation Security Group, Assistant Manager
    The Karur Vysya Bank Limited
    Karur
    ------------------------------


  • 2.  RE: CVE Coverage

    Posted 11-14-2022 11:09
    Hi,

    I would strongly recommend opening a support case for this information.


    Regards,

    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------



  • 3.  RE: CVE Coverage

    Posted 11-14-2022 11:22
    Hi Jagadesh,

    I touched base with our threat research team, and they provided the info below. I echo Sarvesh's comment - if you need further info, raise a support ticket here.

    CVE-2022-29404
    Insufficient information to determine mitigation status - actively monitoring

    CVE-2022-30522
    Out of scope as it is not a http vulnerability

    CVE-2022-22721
    Out of scope as its not a http exploit

    CVE-20221-44790
    Insufficient information to determine mitigation status - actively monitoring

    CVE-2022-0543
    Out of scope non http

    CVE-2022-35947
    OOTB by sqli rules we already have in place

    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------