Signature update version 110
New signature rules are generated for the vulnerabilities identified in the week of 2023-07-25. You can download and configure these signature rules to protect your appliance from attacks that exploit security vulnerabilities.
Signature version
Signature version 110 is applicable to the NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, NetScaler 13.1, and NetScaler 14.1 platforms.
Note
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
The following table lists the signature rules, their CVE IDs, and their descriptions.
Signature rule | CVE ID | Description |
---|---|---|
998646 | CVE-2023-35036 | WEB-MISC Progress MOVEit Transfer - Authenticated SQL Injection Vulnerability Via X-siLock-FolderID Smuggling (CVE-2023-35036) |
998647 | CVE-2023-35036 | WEB-MISC Progress MOVEit Transfer - Authenticated SQL Injection Vulnerability Via X-siLock-FolderID (CVE-2023-35036) |
998648 | CVE-2023-3460 | WEB-WORDPRESS Ultimate Member Wordpress plugin before 2.6.7 Improper Privilege Management (CVE-2023-3460) |
998649 | CVE-2023-33651 | WEB-MISC Sitecore - Authorization Rules Bypass Vulnerability Via MVC Device Simulator (CVE-2023-33651) |
998650 | CVE-2023-33157 | WEB-MISC Microsoft SharePoint - Remote Code Execution Vulnerability (CVE-2023-33157) |
998651 | CVE-2023-30777 | WEB-WORDPRESS WordPress Plugin Advanced Custom Fields Up to 6.1.5 - Reflected XSS Vulnerability (CVE-2023-30777) |
998652 | CVE-2023-30545 | WEB-MISC PrestaShop Prior to 8.0.4 and 1.7.8.9 - Arbitrary File Read Vulnerability via LOAD_FILE (CVE-2023-30545) |
998653 | CVE-2023-2986 | WEB-WORDPRESS Abandoned Cart Lite for WooCommerce plugin up to 5.14.2 Authentication Bypass (CVE-2023-2986) |
998654 | CVE-2023-2982 | WEB-WORDPRESS Wordpress Plugin Social Login and Register prior to 7.6.4 - Authentication Bypass (CVE-2023-2982) |
998655 | CVE-2023-29489 | WEB-MISC cPanel prior to 11.102.0.31 - XSS Vulnerability (CVE-2023-29489) |
998656 | CVE-2023-29300, CVE-2023-38203, CVE-2023-38204 | WEB-MISC Adobe ColdFusion - Deserialization of Untrusted Data Vulnerability (CVE-2023-29300, CVE-2023-38203, CVE-2023-38204) |
998657 | CVE-2023-29298, CVE-2023-38205 | WEB-MISC Adobe ColdFusion Multiple Versions - Access Control Bypass Vulnerability via restplay (CVE-2023-29298,CVE-2023-38205) |
998658 | CVE-2023-29298, CVE-2023-38205 | WEB-MISC Adobe ColdFusion Multiple Versions - Access Control Bypass Vulnerability via cfide (CVE-2023-29298,CVE-2023-38205) |
998659 | CVE-2023-28121 | WEB-WORDPRESS WordPress Plugin WooCommerce Payments Up to 5.6.1 - Privilege Elevation Vulnerability (CVE-2023-28121) |
998660 | CVE-2023-27372 | WEB-MISC SPIP up to 3.2.17, 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 Remote Code Execution (CVE-2023-27372) |
998661 | CVE-2023-27372 | WEB-MISC SPIP up to 3.2.17, 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 Remote Code Execution (CVE-2023-27372) |
998662 | CVE-2023-27350 | WEB-MISC PaperCut NG - Authentication Bypass Vulnerability (CVE-2023-27350) |
998663 | CVE-2023-27067 | WEB-MISC Sitecore Up To 10.2 - Path Traversal Vulnerability (CVE-2023-27067) |
998664 | CVE-2023-26360 | WEB-MISC Adobe ColdFusion 2018 prior to update 16 and 2021 prior to update 6 - Improper Access Control (CVE-2023-26360) |
998665 | CVE-2023-26262 | WEB-MISC Sitecore - Unrestricted Language File Upload Vulnerability (CVE-2023-26262) |
998666 | CVE-2023-2611 | WEB-MISC Advantech R-SeeNet Prior to 2.4.23 - Use of Hard-Coded Credentials Vulnerability (CVE-2023-2611) |
998667 | CVE-2023-25804 | WEB-MISC Roxy-WI Prior to 6.3.6.0 - Path Traversal Vulnerability (CVE-2023-25804) |
998668 | CVE-2023-2575 | WEB-MISC Advantech EKI-15XX - Stack-based Buffer Overflow Vulnerability (CVE-2023-2575) |
998669 | CVE-2023-2574 | WEB-MISC Advantech EKI-15XX - OS Command Injection Vulnerability (CVE-2023-2574) |
998670 | CVE-2023-2573 | WEB-MISC Advantech EKI-15XX - OS Command Injection Vulnerability (CVE-2023-2573) |
998671 | CVE-2023-25690 | WEB-MISC Apache HTTP Server 2.4.0 Through 2.4.55 - Request Smuggling Vulnerability Via Line Feed (CVE-2023-25690) |
998672 | CVE-2023-25690 | WEB-MISC Apache HTTP Server 2.4.0 Through 2.4.55 - Request Smuggling Vulnerability Via Carriage Return (CVE-2023-25690) |
998673 | CVE-2023-23489 | WEB-WORDPRESS Wordpress plugin Easy Digital Downloads prior to v3.1.0.2 - SQL Injection Vulnerability (CVE-2023-23489) |
998674 | CVE-2023-20887 | WEB-MISC VMware Aria Operations for Networks - Command Injection Vulnerability (CVE-2023-20887) |
998675 | CVE-2023-1671 | WEB-MISC Sophos Web Appliance prior to 4.3.10.4 - Command Injection (CVE-2023-1671) |
998676 | CVE-2023-1196 | WEB-WORDPRESS WordPress plugin Advanced Custom Fields prior to 5.12.5 and 6.1.0 - Untrusted Deserialization (CVE-2023-1196) |
998677 | CVE-2023-1138 | WEB-MISC Delta Electronics InfraSuite Device Master Prior to 1.0.5 - Information Disclosure Via Report (CVE-2023-1138) |
998678 | CVE-2023-1138 | WEB-MISC Delta Electronics InfraSuite Device Master Prior to 1.0.5 - Information Disclosure Via ModuleConfig (CVE-2023-1138) |
998679 | CVE-2023-1137 | WEB-MISC Delta Electronics InfraSuite Device Master Prior to 1.0.5 - Information Disclosure Vulnerability (CVE-2023-1137) |
998680 | CVE-2023-0255 | WEB-WORDPRESS Wordpress plugin Enable Media Replace prior to 4.0.2 - Arbitrary File Upload Vulnerability (CVE-2023-0255) |
998681 | CVE-2022-36963 | WEB-MISC SolarWinds Platform Prior to 2023.2 - Command Injection Vulnerability Via TestCredentials (CVE-2022-36963) |
998682 | CVE-2022-29303 | WEB-MISC Contec SolarView Compact Prior to 7.21 - OS Command Injection Vulnerability (CVE-2022-29303) |
998683 | CVE-2022-2185 | WEB-MISC GitLab Multiple Versions Prior to 14.10.5 and 15.1.1 - Remote Execution Vulnerability (CVE-2022-2185) |
998684 | CVE-2020-5284 | WEB-MISC Next.js Prior to 9.3.2 - Path Traversal Vulnerability (CVE-2020-5284) |