ADC

Signature update version 98

New signatures rules are generated for the vulnerabilities identified in the week 2022-12-06. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 98 applicable for NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
998820 CVE-2022-43781 WEB-MISC Atlassian Bitbucket Server Multiple Versions - OS Command Injection Vulnerability (CVE-2022-43781)
998821 CVE-2022-43775 WEB-MISC Delta DIAEnergie - SQL Injection Vulnerability Via HandlerTag_KID (CVE-2022-43775)
998822 CVE-2022-43774 WEB-MISC Delta DIAEnergie - SQL Injection Vulnerability Via HandlerPageP_KID and KID (CVE-2022-43774)
998823 CVE-2022-43774 WEB-MISC Delta DIAEnergie - SQL Injection Vulnerability Via HandlerPageP_KID and HtmlId (CVE-2022-43774)
998824 CVE-2022-42977, CVE-2022-42978 WEB-MISC Netic Confluence User Export App Prior to 1.3.5 - Information Disclosure Vulnerability (CVE-2022-42977, CVE-2022-42978)
998825 CVE-2022-40127 WEB-MISC Apache Airflow Prior To 2.4.0 - Example Dags Command Injection Vulnerability via Api (CVE-2022-40127)
998826 CVE-2022-40127 WEB-MISC Apache Airflow Prior To 2.4.0 - Example Dags Command Injection Vulnerability via Trigger (CVE-2022-40127)
998827 CVE-2022-39298 WEB-MISC Melis Platform Prior to 5.0.1 - MelisFront Arbitrary Deserialization Vulnerability (CVE-2022-39298)
998828 CVE-2022-39297 WEB-MISC Melis Platform Prior to 5.0.1 - MelisCms Arbitrary Deserialization Vulnerability (CVE-2022-39297)
998829 CVE-2022-39296 WEB-MISC Melis Platform Prior to 5.0.1 - MelisAssetManager Arbitrary File Read Vulnerability (CVE-2022-39296)
998830 CVE-2022-38772 WEB-MISC Zoho ManageEngine Multiple Products - OS Command Injection Vulnerability Via configureNmapScanOptions (CVE-2022-38772)
998831 CVE-2022-35933 WEB-MISC Prestashop Productcomments Prior to 5.0.2 - Cross-Site Scripting Vulnerability (CVE-2022-35933)
998832 CVE-2022-3214 WEB-MISC Delta DIAEnergie - Use of Hard-Coded Credentials Vulnerability (CVE-2022-3214)
998833 CVE-2022-24716 WEB-MISC Icinga Web 2 - Arbitrary File Read Vulnerability via icinga-php-library (CVE-2022-24716)
998834 CVE-2022-24716 WEB-MISC Icinga Web 2 - Arbitrary File Read Vulnerability via icinga-php-thirdparty (CVE-2022-24716)
998835 CVE-2022-24715 WEB-MISC Icinga Web 2 - Path Traversal Vulnerability (CVE-2022-24715)
998836 CVE-2022-2139 WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via NetworkServlet URI and filename (CVE-2022-2139)
998837 CVE-2022-2139 WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via CommandServlet URI and filename (CVE-2022-2139)
998838 CVE-2021-39144 WEB-MISC VMware Cloud Foundation 3.x - Remote Code Execution Vulnerability via XStream (CVE-2021-39144)
998839 CVE-2021-35220 WEB-MISC SolarWinds Orion Prior to 2020.2.6 HF1 - RCE Vulnerability Via EmailWebPage and TestAction (CVE-2021-35220)
998840 CVE-2021-35220 WEB-MISC SolarWinds Orion Prior to 2020.2.6 HF1 - RCE Vulnerability Via EmailWebPage Create or Update (CVE-2021-35220)
Signature update version 98