Imperva Web Application Firewall Flaw Let Attackers Bypass WAF Rules

Imperva SecureSphere WAF, a security tool for on-premise web applications, has a vulnerability in some versions that allows attackers to bypass the filters that inspect POST data. By sneaking malicious content past the WAF, attackers could potentially exploit security flaws in the protected web applications that the WAF would normally block, which compromises the security of the web applications shielded by the WAF.

The critical vulnerability (CVE-2023-50969) exists in Imperva SecureSphere WAF versions that lack the update referenced in the “Fixed Version(s)” section. It allows attackers to bypass WAF rules designed to inspect POST data, potentially enabling the exploitation of vulnerabilities in protected applications that the WAF would normally block. The attacker doesn’t need to authenticate and can exploit the vulnerability remotely. It is rated critical due to the high severity of bypassing security controls.

Source: GBHackers

 

