ADC

Signature update version 102

September 21, 2023

Contributed by:

C R

New signatures rules are generated for the vulnerabilities identified in the week 2023-02-03. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 102 applicable for NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
998774	CVE-2022-47966	WEB-MISC Zoho ManageEngine Products - RCE Vulnerability Via XSL Transformations in SamlResponseServlet Endpoint (CVE-2022-47966)
998775	CVE-2022-47966	WEB-MISC Zoho ManageEngine Products - RCE Vulnerability Via XSL Transformations in samlLogin Endpoint (CVE-2022-47966)
998776	CVE-2022-47615	WEB-WORDPRESS LearnPress Plugin Up to 4.1.7.3.2 - REST_ROUTE Local File Inclusion Vulnerability (CVE-2022-47615)
998777	CVE-2022-47615	WEB-WORDPRESS LearnPress Plugin Up to 4.1.7.3.2 - REST API Local File Inclusion Vulnerability (CVE-2022-47615)
998778	CVE-2022-46169	WEB-MISC Cacti Server Prior to 1.2.23 - Command Injection (CVE-2022-46169)
998779	CVE-2022-45808	WEB-WORDPRESS LearnPress Plugin Prior to 4.2 - REST_ROUTE SQL Injection Vulnerability via order_by (CVE-2022-45808)
998780	CVE-2022-45808	WEB-WORDPRESS LearnPress Plugin Prior to 4.2 - REST API SQL Injection Vulnerability via order_by (CVE-2022-45808)
998781	CVE-2022-45808	WEB-WORDPRESS LearnPress Plugin Prior to 4.2 - REST_ROUTE SQL Injection Vulnerability via order (CVE-2022-45808)
998782	CVE-2022-45808	WEB-WORDPRESS LearnPress Plugin Prior to 4.2 - REST API SQL Injection Vulnerability via order (CVE-2022-45808)
998783	CVE-2022-44877	WEB-MISC Control Web Panel (CWP) 7 Prior to 0.9.8.1147 - OS Command Injection Vulnerability (CVE-2022-44877)
998784	CVE-2022-43473	WEB-MISC Zoho ManageEngine OpManager Prior to 126141 - XML External Entity Injection Vulnerability (CVE-2022-43473)
998785	CVE-2022-43447	WEB-MISC Delta Electronics DIAEnergie - SQL Injection Vulnerability in AM_EBillAnalysis Via txtPf (CVE-2022-43447)
998786	CVE-2022-43447	WEB-MISC Delta Electronics DIAEnergie - SQL Injection Vulnerability in AM_EBillAnalysis Via txtFav (CVE-2022-43447)
998787	CVE-2022-4323	WEB-WORDPRESS Google Analyticator Plugin Prior to 6.5.6 - PHP Object Injection Vulnerability (CVE-2022-4323)
998788	CVE-2022-42904	WEB-MISC Zoho ManageEngine ADManager Plus Prior to 7160 - OS Command Injection Vulnerability (CVE-2022-42904)
998789	CVE-2022-34271	WEB-MISC Apache Atlas Prior to 2.3.0 - Arbitrary File Upload Vulnerability (CVE-2022-34271)

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Signature update version 102

September 21, 2023

Contributed by:

C R

September 21, 2023

Contributed by:

C R

Signature update version 102

Signature version

Common Vulnerability Entry (CVE) insight

In this article