Citrix ADC

Signature update for September 2022

New signature rules are generated for the vulnerabilities identified in the week of 2022-09-22. You can download and configure these signature rules to protect your appliance from attacks that exploit these vulnerabilities.

Signature version

Signature version 92 is applicable to the NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, and Citrix ADC 13.1 platforms.

Note

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, their CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 998884 | CVE-2022-38130 | WEB-MISC Keysight SMS Prior to 2.4.1 - Arbitrary File Upload Vulnerability Allows SQL Injection (CVE-2022-38130) |
| 998885 | CVE-2022-35741 | WEB-MISC Apache Cloudstack Prior to 4.16.1.1 - XML External Entity Injection Vulnerability Via SAMLResponse (CVE-2022-35741) |
| 998886 | CVE-2022-35650 | WEB-MISC Moodle Multiple Versions - Path Traversal Vulnerability Via Blackboard Questions (CVE-2022-35650) |
| 998887 | CVE-2022-32551 | WEB-MISC Zoho ManageEngine ServiceDesk MSP Prior to 10604 - Unauthenticated Information Disclosure Via /WEB-INF (CVE-2022-32551) |
| 998888 | CVE-2022-31675 | WEB-MISC VMware vRealize Operations Manager - Authentication Bypass Vulnerability (CVE-2022-31675) |
| 998889 | CVE-2022-31674 | WEB-MISC VMware vRealize Operations Manager - Information Disclosure Vulnerability (CVE-2022-31674) |
| 998890 | CVE-2022-31656 | WEB-MISC VMware Workspace ONE Access - Authentication Bypass Vulnerability (CVE-2022-31656) |
| 998891 | CVE-2022-31474 | WEB-WORDPRESS BackupBuddy Plugin Prior to 8.7.5 - Information Disclosure Via backupbuddy_local_download (CVE-2022-31474) |
| 998892 | CVE-2022-31137, CVE-2022-31126 | WEB-MISC Roxy-wi Prior To 6.1.1.0 - Multiple Command Injection Vulnerabilities (CVE-2022-31137, CVE-2022-31126) |
| 998893 | CVE-2022-28731 | WEB-MISC Apache JSPWiki Prior to 2.11.3 - Server Side Request Forgery Vulnerability (CVE-2022-28731) |
| 998894 | CVE-2022-2551 | WEB-WORDPRESS Duplicator Plugin Prior to 1.4.7.1 - Unauthenticated Backup Download Vulnerability (CVE-2022-2551) |
| 998895 | CVE-2022-2546 | WEB-WORDPRESS All-in-One WP Migration Plugin Prior to 7.63 - Reflected XSS Vulnerability Via ai1wm_export (CVE-2022-2546) |
| 998896 | CVE-2022-2546 | WEB-WORDPRESS All-in-One WP Migration Plugin Prior to 7.63 - Reflected XSS Vulnerability Via ai1wm_import (CVE-2022-2546) |
| 998897 | CVE-2022-24948 | WEB-MISC Apache JSPWiki Prior to 2.11.2 - XSS Vulnerability (CVE-2022-24948) |
| 998898 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via MenuServlet URI and page (CVE-2022-2139) |
| 998899 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via CommandServlet URI and page (CVE-2022-2139) |
| 998900 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via CommandServlet URI and filename (CVE-2022-2139) |
| 998901 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via NetworkServlet URI and filename (CVE-2022-2139) |
| 998902 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and exclude (CVE-2022-0817) |
| 998903 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and include (CVE-2022-0817) |
| 998904 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and order (CVE-2022-0817) |
| 998905 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and orderby (CVE-2022-0817) |
| 998906 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and offset (CVE-2022-0817) |
| 998907 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and limit (CVE-2022-0817) |
| 998908 | CVE-2018-20062, CVE-2019-9082 | WEB-MISC ThinkPHP 5.x Prior to 5.1.32 - Unauthenticated Remote Code Execution Vulnerability (CVE-2018-20062, CVE-2019-9082) |