Rule Update
22-028 (June 14, 2022)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
1011459 - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
Web Application Common
1011462 - Identified Java Runtime Usage In HTTP Request
Web Client Common
1011461 - Chromium Type Confusion Vulnerability (CVE-2021-38001)
1011447* - Trend Micro ServerProtect Multiple Denial-Of-Service Vulnerabilities
Web Server Common
1011460 - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Web Server Miscellaneous
1011438 - Identified LDAP Injection Attack In HTTP Request
Web Server Oracle
1011082 - Oracle Business Intelligence 'SAXParser' XML External Entity Injection Vulnerability (CVE-2021-2400)
Zoho ManageEngine AssetExplorer_SupportCenter Plus_ADManager Plus
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011257* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011327* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
Zoho ManageEngine OpManager_Network Configuration Manager
1011267* - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
1011254* - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)
1009399* - Zoho ManageEngine OpManager 'oputilsServlet' Authentication Bypass (CVE-2018-17283)
1009950* - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability
1010342* - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1009470* - Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization Vulnerability (CVE-2018-19403)
1010337* - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)
1010061* - Zoho ManageEngine OpManager OPMDeviceDetailsServlet Category SQL Injection Vulnerability (CVE-2019-17602)
1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
1011329* - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
Zoho ManageEngine ServiceDesk Plus_MSP
1010660* - Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability (CVE-2019-8394)
1011255* - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)
1010592* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Multiple Vulnerabilities
1010593* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Vulnerability (CVE-2019-12543)
1011038* - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability (CVE-2021-20081)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
1010197* - Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability (CVE-2020-10189)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011453 - Microsoft Windows WMI Events - 1
Deep Packet Inspection Rules:
DCERPC Services - Client
1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
1011459 - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
Web Application Common
1011462 - Identified Java Runtime Usage In HTTP Request
Web Client Common
1011461 - Chromium Type Confusion Vulnerability (CVE-2021-38001)
1011447* - Trend Micro ServerProtect Multiple Denial-Of-Service Vulnerabilities
Web Server Common
1011460 - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Web Server Miscellaneous
1011438 - Identified LDAP Injection Attack In HTTP Request
Web Server Oracle
1011082 - Oracle Business Intelligence 'SAXParser' XML External Entity Injection Vulnerability (CVE-2021-2400)
Zoho ManageEngine AssetExplorer_SupportCenter Plus_ADManager Plus
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011257* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011327* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
Zoho ManageEngine OpManager_Network Configuration Manager
1011267* - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
1011254* - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)
1009399* - Zoho ManageEngine OpManager 'oputilsServlet' Authentication Bypass (CVE-2018-17283)
1009950* - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability
1010342* - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1009470* - Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization Vulnerability (CVE-2018-19403)
1010337* - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)
1010061* - Zoho ManageEngine OpManager OPMDeviceDetailsServlet Category SQL Injection Vulnerability (CVE-2019-17602)
1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
1011329* - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
Zoho ManageEngine ServiceDesk Plus_MSP
1010660* - Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability (CVE-2019-8394)
1011255* - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)
1010592* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Multiple Vulnerabilities
1010593* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Vulnerability (CVE-2019-12543)
1011038* - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability (CVE-2021-20081)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
1010197* - Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability (CVE-2020-10189)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011453 - Microsoft Windows WMI Events - 1