Signature update version 71
New signature rules are generated for the vulnerabilities identified in the week of 2021-11-18. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.
Signature version
Signature version 71 is compatible with the following software versions of Citrix Application Delivery Controller (ADC): 11.1, 12.0, 12.1, 13.0, and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see the release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
The following is a list of signature rules, their CVE IDs, and their descriptions.
Signature rule | CVE ID | Description |
---|---|---|
999098 | CVE-2021-41765 | WEB-MISC ResourceSpace 9.5 and 9.6 prior to rev 18274 - SQL Injection Vulnerability (CVE-2021-41765) |
999099 | CVE-2021-41288 | WEB-MISC Zoho ManageEngine OpManager Prior to Build 125467 - SQL Injection Vulnerability Via getReportData API (CVE-2021-41288) |
999100 | CVE-2021-40493 | WEB-MISC Zoho ManageEngine OpManager Prior to Build 125437 - SQL Injection Vulnerability Via deviceName (CVE-2021-40493) |
999101 | CVE-2021-40493 | WEB-MISC Zoho ManageEngine OpManager Prior to Build 125437 - SQL Injection Vulnerability Via pollingObject (CVE-2021-40493) |
999102 | CVE-2021-40438 | WEB-MISC Apache HTTP Server - mod_proxy Request Forward Vulnerability (CVE-2021-40438) |
999103 | CVE-2021-39341 | WEB-WORDPRESS OptinMonster Plugin Up to 2.6.4 - REST_ROUTE Permission Bypass Vulnerability (CVE-2021-39341) |
999104 | CVE-2021-39341 | WEB-WORDPRESS OptinMonster Plugin Up to 2.6.4 - REST API Permission Bypass Vulnerability (CVE-2021-39341) |
999105 | CVE-2021-37344 | WEB-MISC Nagios XI Switch Wizard Prior to 2.5.7 - Remote Code Execution Vulnerability Via ip_address Parameter (CVE-2021-37344) |
999106 | CVE-2021-35218 | WEB-MISC SolarWinds Orion Prior to 2020.2.6 - Deserialization Vulnerability Via Chart.ashx (CVE-2021-35218) |
999107 | CVE-2021-35215 | WEB-MISC SolarWinds Orion Platform Prior to 2020.2.6 - Remote Code Execution Vulnerability Via Reporting (CVE-2021-35215) |
999108 | CVE-2021-35215 | WEB-MISC SolarWinds Orion Platform Prior to 2020.2.6 - Remote Code Execution Vulnerability Via Alerting (CVE-2021-35215) |
999109 | CVE-2021-24889 | WEB-WORDPRESS Ninja Forms Plugin Prior to 3.6.4 - SQL Injection Vulnerability (CVE-2021-24889) |
999110 | CVE-2021-24381 | WEB-WORDPRESS Ninja Forms Plugin Prior to 3.5.8.2 - Custom Class Name Stored Cross-Site Scripting Vulnerability (CVE-2021-24381) |
999111 | CVE-2021-2401 | WEB-MISC Oracle BI Publisher - DOMParser XXE Vulnerability Via mobile X ReportTemplateService (CVE-2021-2401) |
999112 | CVE-2021-2401 | WEB-MISC Oracle BI Publisher - DOMParser XXE Vulnerability Via mobile ReportTemplateService (CVE-2021-2401) |
999113 | CVE-2021-2401 | WEB-MISC Oracle BI Publisher - DOMParser XXE Vulnerability Via xmlpservice X ReportTemplateService (CVE-2021-2401) |
999114 | CVE-2021-2401 | WEB-MISC Oracle BI Publisher - DOMParser XXE Vulnerability Via xmlpservice ReportTemplateService (CVE-2021-2401) |
999115 | CVE-2021-2392 | WEB-MISC Oracle BI Publisher - Arbitrary Files Upload Vulnerability (CVE-2021-2392) |
999116 | CVE-2021-2244 | WEB-MISC Oracle Hyperion-Essbase Analytic Provider Services - Remote Code Execution Vulnerability Via Essbase (CVE-2021-2244) |
999117 | CVE-2021-2244 | WEB-MISC Oracle Hyperion-Essbase Analytic Provider Services - Remote Code Execution Vulnerability Via admin (CVE-2021-2244) |
999118 | CVE-2021-2244 | WEB-MISC Oracle Hyperion-Essbase Analytic Provider Services - Remote Code Execution Vulnerability Via JAPI (CVE-2021-2244) |
999119 | CVE-2021-22205 | WEB-MISC GitLab CE/EE - Remote Code Execution Vulnerability Via Maliciously Crafted JPEG/TIFF Files (CVE-2021-22205) |
999120 | CVE-2021-22017 | WEB-MISC VMWare vCenter - Path Traversal Vulnerability Via rhhtproxy (CVE-2021-22017) |
999121 | CVE-2021-20837 | WEB-MISC Movable Type Prior to r.5003 - Remote Code Execution Via mt.handler_to_coderef (CVE-2021-20837) |
999122 | CVE-2021-20131 | WEB-MISC Zoho ManageEngine ADManager Prior to Build 7115 - Remote Code Execution Vulnerability Via File Upload (CVE-2021-20131) |
999123 | CVE-2021-20130 | WEB-MISC Zoho ManageEngine ADManager Prior to Build 7115 - Remote Code Execution Vulnerability Via File Upload (CVE-2021-20130) |
999124 | CVE-2021-20034 | WEB-MISC SonicWall Secure Mobile Access - Path Traversal Vulnerability (CVE-2021-20034) |
999125 | | WEB-WORDPRESS BuddyPress Plugin Prior to 9.1.1 - Information Disclosure Vulnerability Via signup REST API and rest_route |
999126 | | WEB-WORDPRESS BuddyPress Plugin Prior to 9.1.1 - Information Disclosure Vulnerability Via signup REST API |