ADC

Signature update version 101

New signatures rules are generated for the vulnerabilities identified in the week 2023-01-24. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 101 applicable for NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
998790 CVE-2022-43452 WEB-MISC Delta Electronics DIAEnergie - SQL Injection Vulnerability Via Data Item Row Deletion (CVE-2022-43452)
998791 CVE-2022-43452 WEB-MISC Delta Electronics DIAEnergie - SQL Injection Vulnerability Via Data Type Row Deletion (CVE-2022-43452)
998792 CVE-2022-41080 WEB-MISC Microsoft Exchange Server - OWA Server Side Request Forgery Vulnerability (CVE-2022-41080)
998793 CVE-2022-40309 WEB-MISC Apache Archiva Prior to 2.2.9 - Arbitrary Directory Removal Vulnerability (CVE-2022-40309)
998794 CVE-2022-40308 WEB-MISC Apache Archiva Prior to 2.2.9 - Arbitrary File Read Vulnerability (CVE-2022-40308)
998795 CVE-2022-36962 WEB-MISC SolarWinds Platform Prior to 2022.4 - RCE Vulnerability Via SaveToDisk Create or Update (CVE-2022-36962)
998796 CVE-2022-36962 WEB-MISC SolarWinds Platform Prior to 2022.4 - RCE Vulnerability Via EmailUrl Create or Update (CVE-2022-36962)
998797 CVE-2022-3361 WEB-WORDPRESS WordPress Plugin Ultimate Member Prior to 2.5.1 - Directory Traversal (CVE-2022-3361)
998798 CVE-2022-24254 WEB-MISC Extensis Portfolio Prior to 4.0.1 - Arbitrary File Upload Vulnerability Via Backup Restore (CVE-2022-24254)
998799 CVE-2022-24253 WEB-MISC Extensis Portfolio Prior to 4.0.1 - Path Traversal Vulnerability Via brandingUpload (CVE-2022-24253)
998800 CVE-2022-0224 WEB-MISC Dolibarr Prior to 14.0.6 - SQL Injection Vulnerability (CVE-2022-0224)
998801 CVE-2021-35232 WEB-MISC SolarWinds Web Help Desk Prior to 12.7.7 Hotfix 1 - Use of Hard-Coded Credentials Vulnerability (CVE-2021-35232)
Signature update version 101