ADC

Signature update version 89

September 21, 2023

Contributed by:

C S

New signatures rules are generated for the vulnerabilities identified in the week 2022-07-08. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 89 applicable for NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule	CVE ID	Description
998942	CVE-2022-32532	WEB-MISC Apache Shiro Prior to 1.9.1 - RegexRequestMatcher Bypass Vulnerability Via Line Feed (CVE-2022-32532)
998943	CVE-2022-32532	WEB-MISC Apache Shiro Prior to 1.9.1 - RegexRequestMatcher Bypass Vulnerability Via Carriage Return (CVE-2022-32532)
998944	CVE-2022-30157	WEB-MISC Microsoft SharePoint - RCE Via Deserialization of Untrusted Data Vulnerability (CVE-2022-30157)
998945	CVE-2022-29847	WEB-MISC In Progress Ipswitch WhatsUp Gold - Unauthenticated Server-Side Request Forgery Vulnerability (CVE-2022-29847)
998946	CVE-2022-29535	WEB-MISC Zoho ManageEngine OpManager Multiple Versions - SQL Injection Vulnerability Via bview (CVE-2022-29535)
998947	CVE-2022-29535	WEB-MISC Zoho ManageEngine OpManager Multiple Versions - SQL Injection Vulnerability Via category (CVE-2022-29535)
998948	CVE-2022-28219	WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7060 - Remote Code Execution Vulnerability (CVE-2022-28219)
998949	CVE-2022-28219	WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7060 - XXE Injection Vulnerability Via Task New Content (CVE-2022-28219)
998950	CVE-2022-28219	WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7060 - XXE Injection Vulnerability Via Task Content (CVE-2022-28219)
998951	CVE-2022-23642	WEB-MISC Sourcegraph Prior to 3.37 - gitserver Service Remote Code Execution Vulnerability (CVE-2022-23642)
998952	CVE-2022-23206	WEB-MISC Apache Traffic Control Traffic Ops Prior to 5.1.6 and 6.1.0 - SSRF Vulnerability (CVE-2022-23206)
998953	CVE-2022-1609	WEB-WORDPRESS Weblizar School Management Pro Plugin Prior to 9.9.7 - Remote Code Execution Vulnerability (CVE-2022-1609)
998954	CVE-2022-1209	WEB-WORDPRESS WordPress Plugin Ultimate Member Prior to 2.3.2 - Open Redirect Vulnerability (CVE-2022-1209)
998955	CVE-2021-46360	WEB-MISC Composr-CMS - Remote Code Execution Vulnerability (CVE-2021-46360)
998956	CVE-2021-43350	WEB-MISC Apache Traffic Control Traffic Ops Prior to 5.1.4 and 6.0.1 - LDAP Injection Vulnerability (CVE-2021-43350)
998957	CVE-2017-9248	WEB-MISC Telerik UI for ASP.NET AJAX before R2 2017 SP1 - Encryption Key Disclosure Vulnerability (CVE-2017-9248)

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Signature update version 89

September 21, 2023

Contributed by:

C S

September 21, 2023

Contributed by:

C S

Signature update version 89

Signature version

Common Vulnerability Entry (CVE) insight

In this article