Signature update version 98
New signature rules are generated for the vulnerabilities identified in the week of 2022-12-06. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.
Signature version
Signature version 98 is applicable to the NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, and Citrix ADC 13.1 platforms.
Note
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
The following is a list of signature rules, CVE IDs, and their descriptions.
Signature rule | CVE ID | Description |
---|---|---|
998820 | CVE-2022-43781 | WEB-MISC Atlassian Bitbucket Server Multiple Versions - OS Command Injection Vulnerability (CVE-2022-43781) |
998821 | CVE-2022-43775 | WEB-MISC Delta DIAEnergie - SQL Injection Vulnerability Via HandlerTag_KID (CVE-2022-43775) |
998822 | CVE-2022-43774 | WEB-MISC Delta DIAEnergie - SQL Injection Vulnerability Via HandlerPageP_KID and KID (CVE-2022-43774) |
998823 | CVE-2022-43774 | WEB-MISC Delta DIAEnergie - SQL Injection Vulnerability Via HandlerPageP_KID and HtmlId (CVE-2022-43774) |
998824 | CVE-2022-42977, CVE-2022-42978 | WEB-MISC Netic Confluence User Export App Prior to 1.3.5 - Information Disclosure Vulnerability (CVE-2022-42977, CVE-2022-42978) |
998825 | CVE-2022-40127 | WEB-MISC Apache Airflow Prior To 2.4.0 - Example Dags Command Injection Vulnerability via Api (CVE-2022-40127) |
998826 | CVE-2022-40127 | WEB-MISC Apache Airflow Prior To 2.4.0 - Example Dags Command Injection Vulnerability via Trigger (CVE-2022-40127) |
998827 | CVE-2022-39298 | WEB-MISC Melis Platform Prior to 5.0.1 - MelisFront Arbitrary Deserialization Vulnerability (CVE-2022-39298) |
998828 | CVE-2022-39297 | WEB-MISC Melis Platform Prior to 5.0.1 - MelisCms Arbitrary Deserialization Vulnerability (CVE-2022-39297) |
998829 | CVE-2022-39296 | WEB-MISC Melis Platform Prior to 5.0.1 - MelisAssetManager Arbitrary File Read Vulnerability (CVE-2022-39296) |
998830 | CVE-2022-38772 | WEB-MISC Zoho ManageEngine Multiple Products - OS Command Injection Vulnerability Via configureNmapScanOptions (CVE-2022-38772) |
998831 | CVE-2022-35933 | WEB-MISC Prestashop Productcomments Prior to 5.0.2 - Cross-Site Scripting Vulnerability (CVE-2022-35933) |
998832 | CVE-2022-3214 | WEB-MISC Delta DIAEnergie - Use of Hard-Coded Credentials Vulnerability (CVE-2022-3214) |
998833 | CVE-2022-24716 | WEB-MISC Icinga Web 2 - Arbitrary File Read Vulnerability via icinga-php-library (CVE-2022-24716) |
998834 | CVE-2022-24716 | WEB-MISC Icinga Web 2 - Arbitrary File Read Vulnerability via icinga-php-thirdparty (CVE-2022-24716) |
998835 | CVE-2022-24715 | WEB-MISC Icinga Web 2 - Path Traversal Vulnerability (CVE-2022-24715) |
998836 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via NetworkServlet URI and filename (CVE-2022-2139) |
998837 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via CommandServlet URI and filename (CVE-2022-2139) |
998838 | CVE-2021-39144 | WEB-MISC VMware Cloud Foundation 3.x - Remote Code Execution Vulnerability via XStream (CVE-2021-39144) |
998839 | CVE-2021-35220 | WEB-MISC SolarWinds Orion Prior to 2020.2.6 HF1 - RCE Vulnerability Via EmailWebPage and TestAction (CVE-2021-35220) |
998840 | CVE-2021-35220 | WEB-MISC SolarWinds Orion Prior to 2020.2.6 HF1 - RCE Vulnerability Via EmailWebPage Create or Update (CVE-2021-35220) |