Citrix ADC

Signature update for July 2022

New signatures rules are generated for the vulnerabilities identified in the week 2022-07-08. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 89 applicable for NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
998942 CVE-2022-32532 WEB-MISC Apache Shiro Prior to 1.9.1 - RegexRequestMatcher Bypass Vulnerability Via Line Feed (CVE-2022-32532)
998943 CVE-2022-32532 WEB-MISC Apache Shiro Prior to 1.9.1 - RegexRequestMatcher Bypass Vulnerability Via Carriage Return (CVE-2022-32532)
998944 CVE-2022-30157 WEB-MISC Microsoft SharePoint - RCE Via Deserialization of Untrusted Data Vulnerability (CVE-2022-30157)
998945 CVE-2022-29847 WEB-MISC In Progress Ipswitch WhatsUp Gold - Unauthenticated Server-Side Request Forgery Vulnerability (CVE-2022-29847)
998946 CVE-2022-29535 WEB-MISC Zoho ManageEngine OpManager Multiple Versions - SQL Injection Vulnerability Via bview (CVE-2022-29535)
998947 CVE-2022-29535 WEB-MISC Zoho ManageEngine OpManager Multiple Versions - SQL Injection Vulnerability Via category (CVE-2022-29535)
998948 CVE-2022-28219 WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7060 - Remote Code Execution Vulnerability (CVE-2022-28219)
998949 CVE-2022-28219 WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7060 - XXE Injection Vulnerability Via Task New Content (CVE-2022-28219)
998950 CVE-2022-28219 WEB-MISC Zoho ManageEngine ADAudit Plus Prior to 7060 - XXE Injection Vulnerability Via Task Content (CVE-2022-28219)
998951 CVE-2022-23642 WEB-MISC Sourcegraph Prior to 3.37 - gitserver Service Remote Code Execution Vulnerability (CVE-2022-23642)
998952 CVE-2022-23206 WEB-MISC Apache Traffic Control Traffic Ops Prior to 5.1.6 and 6.1.0 - SSRF Vulnerability (CVE-2022-23206)
998953 CVE-2022-1609 WEB-WORDPRESS Weblizar School Management Pro Plugin Prior to 9.9.7 - Remote Code Execution Vulnerability (CVE-2022-1609)
998954 CVE-2022-1209 WEB-WORDPRESS WordPress Plugin Ultimate Member Prior to 2.3.2 - Open Redirect Vulnerability (CVE-2022-1209)
998955 CVE-2021-46360 WEB-MISC Composr-CMS - Remote Code Execution Vulnerability (CVE-2021-46360)
998956 CVE-2021-43350 WEB-MISC Apache Traffic Control Traffic Ops Prior to 5.1.4 and 6.0.1 - LDAP Injection Vulnerability (CVE-2021-43350)
998957 CVE-2017-9248 WEB-MISC Telerik UI for ASP.NET AJAX before R2 2017 SP1 - Encryption Key Disclosure Vulnerability (CVE-2017-9248)
Signature update for July 2022