ADC

Signature update version 55

New signatures rules are generated for the vulnerabilities identified in the week 2020-12-17. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

NetScaler version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

Enabling Post body and Response body signature rules might affect NetScaler CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999377   WEB-WORDPRESS TI WooCommerce Wishlist Plugin Prior To 1.21.11 - Information Disclosure Vulnerability Via tinvwl_export_settings
999378   WEB-WORDPRESS TI WooCommerce Wishlist Plugin Prior To 1.21.11 - WP Options Change Vulnerability Via tinvwl_import_settings
999379 CVE-2020-6134 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via MassDropModal.php (CVE-2020-6134)
999380 CVE-2020-6133 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CourseMoreInfo.php (CVE-2020-6133)
999381 CVE-2020-6132 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via ChooseCP.php (CVE-2020-6132)
999382 CVE-2020-6131 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via MassScheduleSessionSet.php (CVE-2020-6131)
999383 CVE-2020-6130 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via MassDropSessionSet.php (CVE-2020-6130)
999384 CVE-2020-6129 WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CpSessionSet.php (CVE-2020-6129)
999385 CVE-2020-35234 WEB-WORDPRES Easy WP SMTP Plugin Prior to 1.4.4 - Information Disclosure Vulnerability (CVE-2020-35234)
999386 CVE-2020-25042 WEB-MISC Mara CMS 7.5 - Arbitrary File Upload Vulnerability (CVE-2020-25042)
999387 CVE-2020-13526 WEB-MISC ProcessMaker - SQL Injection Vulnerability Via clientSetupAjax (CVE-2020-13526)
999388 CVE-2020-13525 WEB-MISC ProcessMaker - SQL Injection Vulnerability Via reportTables_Ajax (CVE-2020-13525)
999389 CVE-2020-12147 WEB-MISC Silver Peak Unity Orchestrator - Arbitrary MySQL Queries Vulnerability Via sqlExecution REST API (CVE-2020-12147)
999390 CVE-2020-12146 WEB-MISC Silver Peak Unity Orchestrator - Path Traversal Vulnerability Via debugFiles REST API (CVE-2020-12146)
999391 CVE-2020-12145 WEB-MISC Silver Peak Unity Orchestrator - Authentication Bypass Vulnerability (CVE-2020-12145)
999392 CVE-2019-8394 WEB-MISC Zoho ManageEngine ServiceDesk Plus Prior to 10.0 Build 10012 - Arbitrary File Upload Vulnerability (CVE-2019-8394)
999393 CVE-2019-11447 WEB-MISC CutePHP CuteNews 2.1.2 - Remote Code Execution Vulnerability (CVE-2019-11447)
Signature update version 55