ADC

Signature update version 40

December 16, 2021

Contributed by:

S S C

New signatures rules are generated for the vulnerabilities identified for the week 2020-01-14. You can download and configure these signature rules to protect your appliance from security vulnerable attacks. The signature update includes the signature ID, signature version, and list of CVEs addressed.

Signature version

Signature version 40 is compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.

Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.

Note:

The signature update version 40 includes a fix for the incorrect signature rule 1861. Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
999732	CVE-2019-1620	WEB-MISC Cisco Data Center Network Manager Prior To 11.2(1) - Arbitrary File Upload Vulnerability (CVE-2019-1620)
999733	CVE-2019-16702	WEB-MISC Integard Pro 2.2.0.9026 - NoJs Buffer Overflow Vulnerability (CVE-2019-16702)
999734	CVE-2019-1621	WEB-MISC Cisco Data Center Network Manager Prior To 11.2(1) - Arbitrary File Download Vulnerability (CVE-2019-1621)
999735	CVE-2019-8451	WEB-MISC Atlassian Jira Server Before 8.4.0 - Server Side Request Forgery Vulnerability (CVE-2019-8451)
999736		WEB-WORDPRESS GDPR Cookie Compliance plug-in Prior to 4.0.3 - Authenticated Arbitrary Settings Deletion Vulnerability
999737	CVE-2019-11287	WEB-MISC Pivotal RabbitMQ 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1 - Denial of Service Vulnerability (CVE-2019-11287)
999738		WEB-WORDPRESS Ultimate Addons For Elementor Prior To 1.20.1 - Authentication Bypass Via Facebook Login Vulnerability
999739		WEB-WORDPRESS Ultimate Addons For Elementor Prior To 1.20.1 - Authentication Bypass Via Google Login Vulnerability
999740	CVE-2019-19366	WEB-MISC FusionPBX Prior to 4.4.10 - cross-site scripting Vulnerability in xml_cdr_search.php Via Redirect Parameter (CVE-2019-19366)
999741	CVE-2019-16931	WEB-WORDPRESS Visualizer plug-in Prior to Version 3.3.1 - Unauthenticated cross-site scripting Vulnerability (CVE-2019-16931)
999742	CVE-2019-16932	WEB-WORDPRESS Visualizer plug-in Prior to Version 3.3.1 - Unauthenticated SSRF (CVE-2019-16932)
999743	CVE-2019-1619	WEB-MISC Cisco Data Center Network Manager Prior To 11.1(1) - Authentication Bypass Vulnerability (CVE-2019-1619)
999744	CVE-2019-12562	WEB-MISC DotNetNuke Before 9.4.0 - Stored Cross Site Scripting Vulnerability (CVE-2019-12562)
999745	CVE-2019-8371	WEB-MISC OpenEMR Prior to 5.0.2 - Remote Code Execution Vulnerability Via Form_Filedata Field (CVE-2019-8371)
999746	CVE-2019-8371	WEB-MISC OpenEMR Prior to 5.0.2 - Remote Code Execution Vulnerability Via Form_Image Field (CVE-2019-8371)
999747		WEB-WORDPRESS Beaver Builder Ultimate Addons Prior To 1.24.1 - Authentication Bypass Via Facebook Login Vulnerability
999748		WEB-WORDPRESS Beaver Builder Ultimate Addons Prior To 1.24.1 - Authentication Bypass Via Google Login Vulnerability
999749	CVE-2019-19650	WEB-MISC Zoho ManageEngine AM Prior to Build 13640 - SQLi Via Agent Servlet (CVE-2019-19650)
999750		WEB-MISC Zoho ManageEngine AM Prior to Build 13620 - API Key Disclosure Via OPMRequestHandlerServlet Servlet
999751	CVE-2019-1622	WEB-MISC Cisco Data Center Network Manager 11.0(1) - Information Disclosure Vulnerability (CVE-2019-1622)
999752	CVE-2019-16759	WEB-MISC vBulletin Prior to 5.5.4 Patch Level 1 - Remote Code Execution Vulnerability (CVE-2019-16759)
999753		WEB-WORDPRESS Featured Image from URL plug-in Prior to 2.7.8 - Missing Access Controls on REST API Vulnerability
999754	CVE-2019-10098	WEB-MISC Apache HTTP Server Up To 2.4.39 - mod_rewrite Self-Referential Redirect Vulnerability (CVE-2019-10098)
999755	CVE-2019-1936	WEB-MISC Cisco UCS Director 6.0 to 6.6.1.0 and 6.7.0.0 to 6.7.1.0 - Command Injection Vulnerability (CVE-2019-1936)
999756	CVE-2019-19649	WEB-MISC Zoho ManageEngine AM Prior to Build 13620 - Unauthenticated SQLi Via EventID Parameter (CVE-2019-19649)
999757	CVE-2019-19649	WEB-MISC Zoho ManageEngine AM Prior to Build 13620 - Unauthenticated SQLi Via Entity Parameter (CVE-2019-19649)
999758	CVE-2019-15036	WEB-MISC JetBrains TeamCity Before 2019.1 - OS Command Injection Vulnerability (CVE-2019-15036)
999759	CVE-2019-17239	WEB-WORDPRESS Download plug-ins and Themes from Dashboard plug-in Up To 1.5 - Stored cross-site scripting Vulnerability (CVE-2019-17239)

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update version 40

December 16, 2021

Contributed by:

S S C

December 16, 2021

Contributed by:

S S C

Signature update version 40

Signature version

Common Vulnerability Entry (CVE) insight

In this article