Signature update version 72
New signatures rules are generated for the vulnerabilities identified in the week 2021-12-11. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.
Signature version
Signatures are compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
NetScaler version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect NetScaler CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
Signature rule | CVE ID | Description |
---|---|---|
999077 | CVE-2021-44228 | WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via FORM (CVE-2021-44228) |
999078 | CVE-2021-44228 | WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via BODY (CVE-2021-44228) |
999079 | CVE-2021-44228 | WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via HEADER (CVE-2021-44228) |
999080 | CVE-2021-44228 | WEB-MISC Apache Log4j - Remote Code Execution Vulnerability via URL (CVE-2021-44228) |
999081 | CVE-2021-42847 | WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7006 - Unauthenticated Arbitrary File Write Vulnerability (CVE-2021-42847) |
999082 | CVE-2021-42321 | WEB-MISC Microsoft Exchange Server - Remote Code Execution Vulnerability (CVE-2021-42321) |
999083 | CVE-2021-42258 | WEB-MISC BQE BillQuick Web Suite 2021 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258) |
999084 | CVE-2021-42258 | WEB-MISC BQE BillQuick Web Suite 2020 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258) |
999085 | CVE-2021-42258 | WEB-MISC BQE BillQuick Web Suite 2019 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258) |
999086 | CVE-2021-42258 | WEB-MISC BQE BillQuick Web Suite 2018 - Unauthenticated SQL Injection Vulnerability Via txtID (CVE-2021-42258) |
999087 | CVE-2021-42237 | WEB-MISC Sitecore From 7.5.0 To 8.2.7 - Remote Code Execution Vulnerability (CVE-2021-42237) |
999088 | CVE-2021-41950 | WEB-MISC ResourceSpace 9.6 prior to rev 18277 - Unauthenticated Path Traversal Vulnerability via variant (CVE-2021-41950) |
999089 | CVE-2021-41950 | WEB-MISC ResourceSpace 9.6 prior to rev 18277 - Unauthenticated Path Traversal Vulnerability via provider (CVE-2021-41950) |
999090 | CVE-2021-41349 | WEB-MISC Microsoft Exchange Server - Cross-Site Scripting Vulnerability (CVE-2021-41349) |
999091 | CVE-2021-35217 | WEB-MISC SolarWinds Orion Prior to 2020.2.6 HF1 - Deserialization Vulnerability Via WSAsyncExecuteTasks.aspx (CVE-2021-35217) |
999092 | CVE-2021-34416 | WEB-MISC Zoom Meeting Connector 4.6.360.20210325 - Remote Code Execution Vulnerability (CVE-2021-34416) |
999093 | CVE-2021-22941 | WEB-MISC Citrix ShareFile Storage Prior To 5.11.20 - Improper Access Control Vulnerability (CVE-2021-22941) |
999094 | CVE-2020-35136 | WEB-MISC Dolibarr Prior to 12.0.4 - Remote Code Execution Vulnerability Via zipfilename_template and bz (CVE-2020-35136) |
999095 | CVE-2020-35136 | WEB-MISC Dolibarr Prior to 12.0.4 - Remote Code Execution Vulnerability Via zipfilename_template and gz (CVE-2020-35136) |
999096 | CVE-2020-2950, CVE-2021-2456 | WEB-MISC Oracle BI Publisher - Arbitrary Files Upload Vulnerability (CVE-2020-2950, CVE-2021-2456) |
999097 | CVE-2020-2950, CVE-2021-2456 | WEB-MISC Oracle BI Publisher - Remote Code Execution Vulnerability (CVE-2020-2950, CVE-2021-2456) |