Signature update version 113

New signature rules are generated for the vulnerabilities identified in the week of 2023-09-22. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.

Signature version

Signature version 113 is applicable to NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, NetScaler 13.1, and NetScaler 14.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU usage.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 998614 | CVE-2023-38035 | WEB-MISC Ivanti Sentry Up To 9.18.0 - Incorrect Authorization Vulnerability via /asproxy/services/ (CVE-2023-38035) |
| 998615 | CVE-2023-38035 | WEB-MISC Ivanti Sentry Up To 9.18.0 - Incorrect Authorization Vulnerability via /mics/services/ (CVE-2023-38035) |
| 998616 | CVE-2023-36846 | WEB-MISC Juniper JunOS SRX - Missing Authentication for Critical Function Vulnerability Via webauth_operation (CVE-2023-36846) |
| 998617 | CVE-2023-3486 | WEB-MISC PaperCut NG Prior to 22.1.3 - Unrestricted File Upload Vulnerability (CVE-2023-3486) |
| 998618 | CVE-2023-34468, CVE-2023-40037 | WEB-MISC Apache NiFi Multiple Versions - Command Injection Vulnerability (CVE-2023-34468, CVE-2023-40037) |
| 998619 | CVE-2023-33653 | WEB-MISC Sitecore - Remote Code Execution Vulnerability (CVE-2023-33653) |
| 998620 | CVE-2023-33224, CVE-2023-23843 | WEB-MISC SolarWinds Orion Platform Prior to 2023.3 - Remote Code Execution Vulnerability (CVE-2023-33224, CVE-2023-23843) |
| 998621 | CVE-2023-32566 | WEB-MISC Ivanti Avalanche - SecureFilter Authentication Bypass Vulnerability (CVE-2023-32566) |
| 998622 | CVE-2023-32562 | WEB-MISC Ivanti Avalanche Prior to 6.4.1 - Unrestricted File Upload Vulnerability (CVE-2023-32562) |
| 998623 | CVE-2023-32315 | WEB-MISC Ignite Realtime Openfire - Path Traversal Vulnerability (CVE-2023-32315) |
| 998624 | CVE-2023-28128 | WEB-MISC Ivanti Avalanche Prior to 6.4.0 - Unrestricted Upload Vulnerability (CVE-2023-28128) |
| 998625 | CVE-2023-27066 | WEB-MISC Sitecore Up To 10.2 - Path Traversal Vulnerability (CVE-2023-27066) |
| 998626 | CVE-2022-23333 | WEB-MISC Contec SolarView Compact Prior to 7.21 - OS Command Injection Vulnerability (CVE-2022-23333) |
| 998627 | CVE-2022-37044 | WEB-MISC Zimbra Collaboration Suite Prior to 8.8.15 P33 - XSS Vulnerability via onload (CVE-2022-37044) |
| 998628 | CVE-2022-37044 | WEB-MISC Zimbra Collaboration Suite Prior to 8.8.15 P33 - XSS Vulnerability via extra (CVE-2022-37044) |
| 998629 | CVE-2022-37044 | WEB-MISC Zimbra Collaboration Suite Prior to 8.8.15 P33 - XSS Vulnerability via title (CVE-2022-37044) |
| 998630 | CVE-2022-24086 | WEB-MISC Adobe Magento - Arbitrary Code Execution Vulnerability Via wishlist (CVE-2022-24086) |
| 998631 | CVE-2022-24086 | WEB-MISC Adobe Magento - Arbitrary Code Execution Vulnerability via checkout (CVE-2022-24086) |