Citrix ADC

Signature update for September 2022

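New signature rules have been generated for the vulnerabilities identified in the week of 2022-09-22. You can download and configure these signature rules to protect your appliance from attacks that exploit these security vulnerabilities.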

Signature version

Signature version 92 applies to the NetScaler VPX 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0, and Citrix ADC 13.1 platforms.

Note

Enabling POST body and response body signature rules might affect Citrix ADC CPU usage.

Common Vulnerability Entry (CVE) insight

The following is a list of signature rules, CVE IDs, and their descriptions.

| Signature rule | CVE ID | Description |
|---|---|---|
| 998884 | CVE-2022-38130 | WEB-MISC Keysight SMS Prior to 2.4.1 - Arbitrary File Upload Vulnerability Allows SQL Injection (CVE-2022-38130) |
| 998885 | CVE-2022-35741 | WEB-MISC Apache Cloudstack Prior to 4.16.1.1 - XML External Entity Injection Vulnerability Via SAMLResponse (CVE-2022-35741) |
| 998886 | CVE-2022-35650 | WEB-MISC Moodle Multiple Versions - Path Traversal Vulnerability Via Blackboard Questions (CVE-2022-35650) |
| 998887 | CVE-2022-32551 | WEB-MISC Zoho ManageEngine ServiceDesk MSP Prior to 10604 - Unauthenticated Information Disclosure Via /WEB-INF (CVE-2022-32551) |
| 998888 | CVE-2022-31675 | WEB-MISC VMware vRealize Operations Manager - Authentication Bypass Vulnerability (CVE-2022-31675) |
| 998889 | CVE-2022-31674 | WEB-MISC VMware vRealize Operations Manager - Information Disclosure Vulnerability (CVE-2022-31674) |
| 998890 | CVE-2022-31656 | WEB-MISC VMware Workspace ONE Access - Authentication Bypass Vulnerability (CVE-2022-31656) |
| 998891 | CVE-2022-31474 | WEB-WORDPRESS BackupBuddy Plugin Prior to 8.7.5 - Information Disclosure Via backupbuddy_local_download (CVE-2022-31474) |
| 998892 | CVE-2022-31137, CVE-2022-31126 | WEB-MISC Roxy-wi Prior To 6.1.1.0 - Multiple Command Injection Vulnerabilities (CVE-2022-31137, CVE-2022-31126) |
| 998893 | CVE-2022-28731 | WEB-MISC Apache JSPWiki Prior to 2.11.3 - Server Side Request Forgery Vulnerability (CVE-2022-28731) |
| 998894 | CVE-2022-2551 | WEB-WORDPRESS Duplicator Plugin Prior to 1.4.7.1 - Unauthenticated Backup Download Vulnerability (CVE-2022-2551) |
| 998895 | CVE-2022-2546 | WEB-WORDPRESS All-in-One WP Migration Plugin Prior to 7.63 - Reflected XSS Vulnerability Via ai1wm_export (CVE-2022-2546) |
| 998896 | CVE-2022-2546 | WEB-WORDPRESS All-in-One WP Migration Plugin Prior to 7.63 - Reflected XSS Vulnerability Via ai1wm_import (CVE-2022-2546) |
| 998897 | CVE-2022-24948 | WEB-MISC Apache JSPWiki Prior to 2.11.2 - XSS Vulnerability (CVE-2022-24948) |
| 998898 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via MenuServlet URI and page (CVE-2022-2139) |
| 998899 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via CommandServlet URI and page (CVE-2022-2139) |
| 998900 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via CommandServlet URI and filename (CVE-2022-2139) |
| 998901 | CVE-2022-2139 | WEB-MISC Advantech iView Prior to 5.7.04.6469 - Path Traversal Vulnerability Via NetworkServlet URI and filename (CVE-2022-2139) |
| 998902 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and exclude (CVE-2022-0817) |
| 998903 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and include (CVE-2022-0817) |
| 998904 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and order (CVE-2022-0817) |
| 998905 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and orderby (CVE-2022-0817) |
| 998906 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and offset (CVE-2022-0817) |
| 998907 | CVE-2022-0817 | WEB-WORDPRESS BadgeOS Plugin Prior to 3.7.1 - SQLi Vulnerability Via get-earned-achievements and limit (CVE-2022-0817) |
| 998908 | CVE-2018-20062, CVE-2019-9082 | WEB-MISC ThinkPHP 5.x Prior to 5.1.32 - Unauthenticated Remote Code Execution Vulnerability (CVE-2018-20062, CVE-2019-9082) |