Signature update version 47
New signatures rules are generated for the vulnerabilities identified in the week 2020-06-12. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.
Signature version
Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
Signature rule | CVE ID | Description |
---|---|---|
999580 | CVE-2020-6010 | WEB-WORDPRESS LearnPress LMS Plugin Prior to 3.2.6.9 - SQL Injection Vulnerability (CVE-2020-6010) |
999581 | WEB-MISC Nagios XI Up To 5.6.13 - Service Command_Test Arbitrary Command Execution Vulnerability | |
999582 | CVE-2020-0932 | Microsoft SharePoint Server - WebPart Source Markup Remote Code Execution Vulnerability Via SOAP 1.2 (CVE-2020-0932) |
999583 | CVE-2020-0932 | Microsoft SharePoint Server - WebPart Source Markup Remote Code Execution Vulnerability Via SOAP 1.1 (CVE-2020-0932) |
999584 | CVE-2020-12642 | WEB-WORDPRESS Ninja Forms Plugin Prior to 3.4.24.2 - Cross-Site Request Forgery Vulnerability via Import Fields (CVE-2020-12642) |
999585 | CVE-2020-12642 | WEB-WORDPRESS Ninja Forms Plugin Prior to 3.4.24.2 - Cross-Site Request Forgery Vulnerability via Import Form (CVE-2020-12642) |
999586 | CVE-2020-11450 | WEB-MISC Microstrategy Web 10.4 - Information Disclosure Vulnerability (CVE-2020-11450) |
999587 | CVE-2020-7935 | WEB-MISC Artica Pandora FMS 7.0 - Unrestricted Upload of File With Dangerous Type Vulnerability Allows RCE (CVE-2020-7935) |
999588 | CVE-2020-12116 | WEB-MISC Zoho ManageEngine OpManager Prior to Build 125125 - Information Disclosure Vulnerability (CVE-2020-12116) |
999589 | WEB-WORDPRESS Elementor Page Builder Prior to 2.9.6 - Privilege Escalation Vulnerability | |
999590 | CVE-2020-11738 | WEB-WORDPRESS - Snap Creek Duplicator Plugin Prior to 1.3.28 - Path Traversal Vulnerability (CVE-2020-11738) |
999591 | CVE-2020-10389 | WEB-MISC Chadha PHPKB Standard Multi-Language 9 - Remote Code Execution vulnerability (CVE-2020-10389) |
999592 | CVE-2020-11516 | WEB-WORDPRESS Contact Form 7 Datepicker Plugin Up To 2.6.0 - Stored XSS Vulnerability (CVE-2020-11516) |
999593 | WEB-MISC Nagios XI Up To 5.6.13 - Export-RRD Arbitrary Command Execution Vulnerability Via Step | |
999594 | WEB-MISC Nagios XI Up To 5.6.13 - Export-RRD Arbitrary Command Execution Vulnerability Via End | |
999595 | WEB-MISC Nagios XI Up To 5.6.13 - Export-RRD Arbitrary Command Execution Vulnerability Via Start | |
999596 | CVE-2019-19799 | Zoho ManageEngine Applications Manager Previous To 14600 - Information Disclosure Vulnerability (CVE-2019-19799) |
999597 | CVE-2020-10458 | WEB-MISC Chadha PHPKB Standard Multi-Language 9 - Arbitrary Folder Deletion Vulnerability (CVE-2020-10458) |
999598 | CVE-2017-9822 | WEB-MISC DNN Before 9.1.1 - Remote Code Execution Vulnerability Via DNNPersonalization Cookie (CVE-2017-9822) |
999599 | CVE-2020-7953 | WEB-MISC OpServices OpMon 9.3.2 - Unauthenticated Information Disclosure Vulnerability Via nmap_options Param (CVE-2020-7953) |
999600 | CVE-2020-7953 | WEB-MISC OpServices OpMon 9.3.2 - Unauthenticated Information Disclosure Vulnerability Via host Param (CVE-2020-7953) |
999601 | WEB-MISC Bolt CMS 3.7.0 - File Rename to a Dangerous Type Vulnerability Via newname Parameter | |
999602 | WEB-MISC Bolt CMS 3.7.0 - Path Traversal Vulnerability Via newname Parameter | |
999603 | WEB-MISC Bolt CMS 3.7.0 - Path Traversal Vulnerability Via oldname Parameter | |
999604 | WEB-MISC Bolt CMS 3.7.0 - Path Traversal Vulnerability Via parent Parameter | |
999605 | WEB-MISC Bolt CMS 3.7.0 - Improper Field Validation Vulnerability in displayname Parameter | |
999606 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - Incorrect Authorization Vulnerability in View Logs (CVE-2020-9004) |
999607 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - Incorrect Authorization Vulnerability in Media Cache Settings (CVE-2020-9004) |
999608 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - Incorrect Authorization Vulnerability in Applications Settings (CVE-2020-9004) |
999609 | CVE-2020-9004 | WEB-MISC - Wowza Streaming Engine 4.7.8 - Incorrect Authorization Vulnerability in Server Settings (CVE-2020-9004) |
999610 | WEB-MISC PrestaShop 1.7.6.5 - CSRF Vulnerability via Filemanager | |
999611 | CVE-2020-10238 | WEB-MISC Joomla! Previous To 3.9.16 - Security Bypass Vulnerability via com_templates (CVE-2020-10238) |
999612 | CVE-2020-11510 | WEB-WORDPRESS LearnPress LMS Plugin Prior to 3.2.6.9 - Privilege Escalation Via learnpress_create_page (CVE-2020-11510) |
999613 | CVE-2020-11510 | WEB-WORDPRESS LearnPress LMS Plugin Prior to 3.2.6.9 - Privilege Escalation Via learnpress_update_order_status (CVE-2020-11510) |
999614 | CVE-2020-8636 | WEB-MISC OpServices OpMon 9.3.2 - Unauthenticated Remote Code Execution Vulnerability Via nmap_options Parameter (CVE-2020-8636) |
999615 | CVE-2020-8636 | WEB-MISC OpServices OpMon 9.3.2 - Unauthenticated Remote Code Execution Vulnerability Via host Parameter (CVE-2020-8636) |
999616 | CVE-2020-11511 | WEB-WORDPRESS LearnPress LMS Plugin Prior to 3.2.6.9 - Privilege Escalation Via accept-to-be-teacher (CVE-2020-11511) |
999617 | CVE-2020-11451 | WEB-MISC Microstrategy Web - Unsecure File Type Upload Vulnerability Via JSP (CVE-2020-11451) |
999618 | CVE-2020-11451 | WEB-MISC Microstrategy Web - Unsecure File Type Upload Vulnerability Via ASP (CVE-2020-11451) |
999619 | CVE-2020-11515 | WEB-WORDPRESS WP SEO Plugin Rank Math Prior to 1.0.41 - Redirection Vulnerability Via REST API Through URL (CVE-2020-11515) |
999620 | CVE-2020-11515 | WEB-WORDPRESS WP SEO Plugin Rank Math Prior to 1.0.41 - Redirection Vulnerability Via REST API rest_route Param (CVE-2020-11515) |
999621 | CVE-2020-10457 | WEB-MISC Chadha PHPKB Standard Multi-Language 9 - Arbitrary File Renaming Vulnerability Via imgName (CVE-2020-10457) |
999622 | CVE-2020-10457 | WEB-MISC Chadha PHPKB Standard Multi-Language 9 - Arbitrary File Renaming Vulnerability Via imgUrl (CVE-2020-10457) |
999623 | CVE-2019-1821 | WEB-MISC Cisco Prime Infrastructure - Remote Code Execution Vulnerability (CVE-2019-1821) |
999624 | WEB-WORDPRESS Page Builder Plugin Prior to 2.10.16 - CSRF Vulnerability Via Ajax action_builder_content | |
999625 | WEB-WORDPRESS Page Builder Plugin Prior to 2.10.16 - CSRF Vulnerability Via Live Editor | |
999626 | CVE-2020-11514 | WEB-WORDPRESS WP SEO Plugin Rank Math Prior to 1.0.41 - Privilege Escalation Via REST API Through URL (CVE-2020-11514) |
999627 | CVE-2020-11514 | WEB-WORDPRESS WP SEO Plugin Rank Math Prior to 1.0.41 - Privilege Escalation Via REST API rest_route Param (CVE-2020-11514) |
999628 | CVE-2019-6713 | WEB-MISC ThinkCMF Prior to 5.0.190312 - Code Injection Vulnerability Via /route/editpost.html (CVE-2019-6713) |
999629 | CVE-2019-6713 | WEB-MISC ThinkCMF Prior to 5.0.190312 - Code Injection Vulnerability Via /route/addpost.html (CVE-2019-6713) |
999630 | WEB-WORDPRESS Google Site Kit Plugin Prior to 1.8.0 - Unprotected Verification Vulnerability | |
999631 | CVE-2020-9315 | WEB-MISC Oracle iPlanet Web Server 7.0.x - Incorrect Access Control Vulnerability (CVE-2020-9315) |
999632 | CVE-2020-1947 | WEB-MISC Apache ShardingSphere 4.0.0-RC3 and 4.0.0 - SnakeYAML Remote Code Execution Vulnerability (CVE-2020-1947) |
999633 | CVE-2020-7961 | Liferay Portal Prior To 7.2.1 CE GA2 - JSONWS Deserialization RCE Vulnerability Via JSON-RPC (CVE-2020-7961) |
999634 | CVE-2020-7961 | Liferay Portal Prior To 7.2.1 CE GA2 - JSONWS Deserialization RCE Vulnerability Via URL Path (CVE-2020-7961) |
999635 | CVE-2020-7961 | Liferay Portal Prior To 7.2.1 CE GA2 - JSONWS Deserialization RCE Vulnerability Via Form And URI Query (CVE-2020-7961) |
999636 | CVE-2020-8518 | WEB-MISC Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution Vulnerability (CVE-2020-8518) |
999637 | CVE-2020-7351 | WEB-MISC Fonality Trixbox CE 2.8.0.4 and Prior - Remote Code Execution Vulnerability (CVE-2020-7351) |
999638 | CVE-2020-12720 | WEB-MISC vBulletin Prior to 5.6.1 Patch Level 1 - Unauthenticated SQL Injection Vulnerability (CVE-2020-12720) |
999639 | CVE-2019-19800 | Zoho ManageEngine Applications Manager Previous To 14520 - Path Traversal Vulnerability (CVE-2019-19800) |
999640 | CVE-2020-10386 | WEB-MISC Chadha PHPKB Standard Multi-Language 9 - Remote Code Execution (CVE-2020-10386) |
999641 | CVE-2020-8497 | WEB-MISC Artica Pandora FMS 7.0 - Unauthenticated Information Disclosure Vulnerability (CVE-2020-8497) |
999642 | CVE-2020-6009 | WEB-WORDPRESS LearnDash LMS Plugin Prior to 3.1.6 - Unauthenticated SQL Injection Vulnerability (CVE-2020-6009) |