Signature update version 128

New signatures rules are generated for the vulnerabilities identified in the week 2024-04-26. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 128 applicable for NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, NetScaler 13.1, NetScaler 14.1 platforms.

Note

Enabling Post body and Response body signature rules might affect NetScaler CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
998498 CVE-2024-4040 WEB-MISC CrushFTP Prior to 10.7.1 and 11.1.0 - Server Side Template Injection Vulnerability (CVE-2024-4040)
998499 CVE-2024-30162 WEB-MISC Invision Community - Arbitrary File Upload Vulnerability (CVE-2024-30162)
998500 CVE-2024-23538, CVE-2024-23539 WEB-MISC Apache Fineract Prior to 1.9 - SQL Injection Vulnerabilities (CVE-2024-23538,CVE-2024-23539)
998501 CVE-2024-23538, CVE-2024-23539 WEB-MISC Apache Fineract Prior to 1.9 - SQL Injection Vulnerabilities (CVE-2024-23538,CVE-2024-23539)
998502 CVE-2024-20767 WEB-MISC Adobe ColdFusion Multiple Versions - Improper Access Control Vulnerability (CVE-2024-20767)
998503 CVE-2024-1981 WEB-WORDPRESS WordPress Plugin WPVivid Backup & Migration - SQLi Vulnerability (CVE-2024-1981)
998504 CVE-2023-6019 WEB-MISC Anyscale Ray - OS Command Injection Vulnerability (CVE-2023-6019)
998505 CVE-2023-44092 WEB-MISC Pandora FMS Prior to 776 - Remote Code Execution Vulnerability (CVE-2023-44092)
998506 CVE-2023-40000 WEB-WORDPRESS LiteSpeed Cache Prior To 5.7.0.1 - Stored Cross Site Scripting Vulnerability (CVE-2023-40000)
998507 CVE-2023-40000 WEB-WORDPRESS LiteSpeed Cache Prior To 5.7.0.1 - Stored Cross Site Scripting Vulnerability (CVE-2023-40000)
998508 CVE-2023-37679, CVE-2023-43208 WEB-MISC NextGen Mirth Connect < 4.4.1 - Unauthenticated RCE Vulnerability Via /server (CVE-2023-37679, CVE-2023-43208)
998509 CVE-2023-37679, CVE-2023-43208 WEB-MISC NextGen Mirth Connect < 4.4.1 - Unauthenticated RCE Vulnerability Via /users (CVE-2023-37679, CVE-2023-43208)
998510 CVE-2023-25196 WEB-MISC Apache Fineract Prior to 1.8.4 - SQL Injection Vulnerabilities (CVE-2023-25196)
998511 CVE-2023-25195 WEB-MISC Apache Fineract Prior to 1.8.4 - Server-Side Request Forgery Vulnerability (CVE-2023-25195)
Signature update version 128