Signature update for December 2020
New signature rules are generated for the vulnerabilities identified in the week of 2020-12-17. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.
Signature version
Signature version 55 is compatible with the following software versions of Citrix Application Delivery Controller (ADC): 11.1, 12.0, 12.1, 13.0, and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see the release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect Citrix ADC CPU usage.
Common Vulnerability Entry (CVE) insight
The following is a list of signature rules, CVE IDs, and their descriptions.
Signature rule | CVE ID | Description |
---|---|---|
999377 | | WEB-WORDPRESS TI WooCommerce Wishlist Plugin Prior To 1.21.11 - Information Disclosure Vulnerability Via tinvwl_export_settings |
999378 | | WEB-WORDPRESS TI WooCommerce Wishlist Plugin Prior To 1.21.11 - WP Options Change Vulnerability Via tinvwl_import_settings |
999379 | CVE-2020-6134 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via MassDropModal.php (CVE-2020-6134) |
999380 | CVE-2020-6133 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CourseMoreInfo.php (CVE-2020-6133) |
999381 | CVE-2020-6132 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via ChooseCP.php (CVE-2020-6132) |
999382 | CVE-2020-6131 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via MassScheduleSessionSet.php (CVE-2020-6131) |
999383 | CVE-2020-6130 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via MassDropSessionSet.php (CVE-2020-6130) |
999384 | CVE-2020-6129 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CpSessionSet.php (CVE-2020-6129) |
999385 | CVE-2020-35234 | WEB-WORDPRES Easy WP SMTP Plugin Prior to 1.4.4 - Information Disclosure Vulnerability (CVE-2020-35234) |
999386 | CVE-2020-25042 | WEB-MISC Mara CMS 7.5 - Arbitrary File Upload Vulnerability (CVE-2020-25042) |
999387 | CVE-2020-13526 | WEB-MISC ProcessMaker - SQL Injection Vulnerability Via clientSetupAjax (CVE-2020-13526) |
999388 | CVE-2020-13525 | WEB-MISC ProcessMaker - SQL Injection Vulnerability Via reportTables_Ajax (CVE-2020-13525) |
999389 | CVE-2020-12147 | WEB-MISC Silver Peak Unity Orchestrator - Arbitrary MySQL Queries Vulnerability Via sqlExecution REST API (CVE-2020-12147) |
999390 | CVE-2020-12146 | WEB-MISC Silver Peak Unity Orchestrator - Path Traversal Vulnerability Via debugFiles REST API (CVE-2020-12146) |
999391 | CVE-2020-12145 | WEB-MISC Silver Peak Unity Orchestrator - Authentication Bypass Vulnerability (CVE-2020-12145) |
999392 | CVE-2019-8394 | WEB-MISC Zoho ManageEngine ServiceDesk Plus Prior to 10.0 Build 10012 - Arbitrary File Upload Vulnerability (CVE-2019-8394) |
999393 | CVE-2019-11447 | WEB-MISC CutePHP CuteNews 2.1.2 - Remote Code Execution Vulnerability (CVE-2019-11447) |