Signature update for April 2021

New signature rules are generated for the vulnerabilities identified in the week of 2021-04-22. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.

Signature version

Signature version 64 is applicable to the NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, and Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU usage.

Common Vulnerabilities and Exposures (CVE) insight

The following is a list of signature rules, their CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 999275 | CVE-2021-3378 | WEB-MISC FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload Vulnerability (CVE-2021-3378) |
| 999276 | CVE-2021-28925 | WEB-MISC Nagios Network Analyzer Prior to 2.4.3 - SQL Injection Vulnerability (CVE-2021-28925) |
| 999277 | CVE-2021-28924 | WEB-MISC Nagios Network Analyzer Prior to 2.4.3 - XSS Vulnerability (CVE-2021-28924) |
| 999278 | CVE-2021-27927 | WEB-MISC Zabbix - CSRF Vulnerability Via action=authentication.update (CVE-2021-27927) |
| 999279 | CVE-2021-26295 | WEB-MISC Apache OFBiz 17.12.06 - Unauthenticated Arbitrary Deserialization Vulnerability (CVE-2021-26295) |
| 999280 | CVE-2021-25770 | WEB-MISC JetBrains YouTrack Prior to 2020.5.3123 - Server-Side Template Injection Vulnerability (CVE-2021-25770) |
| 999281 | CVE-2021-25283 | WEB-MISC SaltStack Prior to 3002.5 - Remote Code Execution Vulnerability (CVE-2021-25283) |
| 999282 | CVE-2021-25283 | WEB-MISC SaltStack Prior to 3002.5 - Remote Code Execution Vulnerability Via JSON Object (CVE-2021-25283) |
| 999283 | CVE-2021-24218 | WEB-WORDPRESS Facebook for WordPress Plugin Prior to 3.0.4 - Stored Cross-Site Scripting Vulnerability (CVE-2021-24218) |
| 999284 | CVE-2021-24217 | WEB-WORDPRESS Facebook for WordPress Plugin Prior to 3.0.2 - PHP Object Injection Vulnerability (CVE-2021-24217) |
| 999285 | CVE-2021-24209 | WEB-WORDPRESS WP Super Cache Plugin Prior to 1.7.2 - Remote Code Execution Vulnerability in wp-cache-config.php (CVE-2021-24209) |
| 999286 | CVE-2021-24209 | WEB-WORDPRESS WP Super Cache Plugin Prior to 1.7.2 - Arbitrary Code Injection Vulnerability (CVE-2021-24209) |
| 999287 | CVE-2021-24165 | WEB-WORDPRESS Ninja Forms Plugin Prior to 3.4.34 - Open Redirect Vulnerability (CVE-2021-24165) |
| 999288 | CVE-2021-21975 | WEB-MISC vRealize Operations Manager - Unauthenticated Server Side Request Forgery Vulnerability (CVE-2021-21975) |
| 999289 | CVE-2020-35578 | WEB-MISC Nagios XI Prior to 5.8.0 - Remote Code Execution Vulnerability (CVE-2020-35578) |
| 999290 | CVE-2020-2766 | WEB-MISC Oracle WebLogic Server - Unauthenticated SSRF Vulnerability (CVE-2020-2766) |
| 999291 | CVE-2020-17523 | WEB-MISC Apache Shiro Prior to 1.7.1 - Authentication Bypass Vulnerability Via Space (CVE-2020-17523) |
| 999292 | CVE-2020-17523 | WEB-MISC Apache Shiro Prior to 1.7.1 - Authentication Bypass Vulnerability Via Dot (CVE-2020-17523) |
| 999293 | CVE-2020-15160 | WEB-MISC PrestaShop Prior to 1.7.6.8 - SQL Injection Vulnerability (CVE-2020-15160) |