Signature update for September 2021

New signatures rules are generated for the vulnerabilities identified in the week 2021-09-11. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 68 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 and Citrix ADC 13.1 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999163 CVE-2021-37556 WEB-MISC Centreon Multiple Versions - SQL Injection Vulnerability Via End Parameter (CVE-2021-37556)
999164 CVE-2021-37556 WEB-MISC Centreon Multiple Versions - SQL Injection Vulnerability Via Start Parameter (CVE-2021-37556)
999165 CVE-2021-37353 WEB-MISC Nagios XI Docker Wizard Prior to 1.1.3 - SSRF Vulnerability Via host Parameter Without URI Scheme (CVE-2021-37353)
999166 CVE-2021-37353 WEB-MISC Nagios XI Docker Wizard Prior to 1.1.3 - SSRF Vulnerability Via host Parameter With URI Scheme (CVE-2021-37353)
999167 CVE-2021-34638 WEB-WORDPRESS Download Manager Plugin Prior to 3.1.25 - Directory Traversal Vulnerability (CVE-2021-34638)
999168 CVE-2021-33766 WEB-MISC Microsoft Exchange Server - Information Disclosure Vulnerability (CVE-2021-33766)
999169 CVE-2021-32682 WEB-MISC elFinder Prior To 2.1.59 - Command Injection Vulnerability Via Archive (CVE-2021-32682)
999170 CVE-2021-26084 WEB-MISC Confluence Server and Data Center - OGNL Injection Vulnerability Via doenterpagevariables (CVE-2021-26084)
999171 CVE-2021-26084 WEB-MISC Confluence Server and Data Center - OGNL Injection Vulnerability Via createpage-entervariables (CVE-2021-26084)
999172 CVE-2021-23394 WEB-MISC elFinder Prior To 2.1.59 - Remote Code Execution Vulnerability Via Phar Makefile (CVE-2021-23394)
999173 CVE-2021-23394 WEB-MISC elFinder Prior To 2.1.59 - Remote Code Execution Vulnerability Via Phar Rename (CVE-2021-23394)
999174 CVE-2021-23394 WEB-MISC elFinder Prior To 2.1.59 - Remote Code Execution Vulnerability Via Phar Upload (CVE-2021-23394)
999175 CVE-2020-36289 WEB-MISC Atlassian Jira Server - Information Disclosure Vulnerability Via QueryComponentRendererValue (CVE-2020-36289)
999176 CVE-2020-16245 WEB-MISC Advantech iView Prior to 5.7.03.6112 - Path Traversal Vulnerability Via findSummaryCfgDeviceListExport (CVE-2020-16245)
999177 CVE-2020-16245 WEB-MISC Advantech iView Prior to 5.7.03.6112 - Path Traversal Vulnerability Via findUpdateDeviceListExport (CVE-2020-16245)
999178 CVE-2020-13774 WEB-MISC Ivanti Endpoint Manager Multiple Versions - RCE Vulnerability Via EditLaunchPadDialog.aspx (CVE-2020-13774)
999179 CVE-2020-1147 WEB-MISC Microsoft SharePoint Server - Remote Code Execution Vulnerability Via Custom Page (CVE-2020-1147)
999180 CVE-2020-1147 WEB-MISC Microsoft SharePoint Server - Remote Code Execution Vulnerability Via quicklinksdialogform.aspx (CVE-2020-1147)
999181 CVE-2020-1147 WEB-MISC Microsoft SharePoint Server - Remote Code Execution Vulnerability Via quicklinks.aspx (CVE-2020-1147)
999182 CVE-2020-11110 WEB-MISC Apache Grafana Up to 6.7.1 - XSS Vulnerability (CVE-2020-11110)
999522 CVE-2020-13379 WEB-MISC Grafana 3.0.1 Through 7.0.1 - CSRF Bypass Leading To DOS Vulnerability (CVE-2020-13379)
Signature update for September 2021