New Vulnerability in Popular Widget Shows Risks of Third-Party Code

The Americans with Disabilities Act (ADA) includes requirements on companies falling within its scope to ensure their websites are accessible to individuals with disabilities. These requirements have created a strong incentive for ...

From Online Fraud to DDoS and API Abuse: The State of Security Within eCommerce in 2022

What are the biggest cybersecurity threats affecting online retailers today? The State of Security Within eCommerce in 2022 Report from Imperva is now available and answers that question. For this report, Imperva’s ...

Apache Commons Text vulnerability CVE-2022-42889

Research labs
(Updated Oct. 19, 2022) CVE-2022-42889 was recently added to the NVD catalog, with a critical score of 9.8. This vulnerability allows remote code execution (RCE) in Apache Commons Text. It affects version ...

Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082

On September 29, Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server. The vulnerabilities allow remote code execution (RCE) when used in tandem. It is important ...

What we know about VMware CVE-2022-31656 and CVE-2022-31659

Research labs
Takeaways: VMware Workspace ONE vulnerabilities CVE-2022-31656 and CVE-2022-31659 work in tandem to allow a remote attacker with network access to conduct remote code execution on the server. Imperva Threat Research has seen ...

Imperva Customers are protected from Atlassian Confluence CVE-2022-26134

This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater ...

5 Things We’ve Learned About CVE-2021-44228

Research labs
Over the last week, Imperva Threat Research observed interesting data points related to CVE-2021-44228. Despite new variants being discovered and patched by our team, we wanted to share five interesting things that ...

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions 

rasp, Research labs, WAF Gateway
Since it was disclosed on Friday, December 11, I have spoken with many customers about CVE-2021-44228 and the ways Imperva is working to ensure that they are protected. Countless others have contacted ...

How We’re Protecting Customers & Staying Ahead of CVE-2021-44228

CVE-2021-44228 is a high-profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The specific vulnerability allows for unauthenticated remote code execution. For additional technical information, ...

Data security is broken: What’s next?

CVEs, Data Security, Digest, Research labs
One out of every two on-premises databases globally has at least one vulnerability, finds a new study from Imperva Research Labs spanning 27,000 on-prem databases, based on insights from a proprietary database ...