Rule Update

22-020 (April 26, 2022)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1007021* - Remote Registry Access Through SMBv2 Protocol Detected (ATT&CK T1012)


MySQL Cluster
1011222* - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)


MySQL Cluster NDBD
1011362* - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
1011389* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
1011391* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
1011385* - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)
1011390* - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)


SolarWinds Network Performance Monitor
1011384* - SolarWinds Orion Platform Unrestricted File Upload Vulnerability (CVE-2021-35244)


Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerabilities (CVE-2019-1003029 and CVE-2019-1003030)
1011381* - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)


Web Application PHP Based
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011400 - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011404 - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011401 - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)


Web Client Common
1009919* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 4
1011398 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
1011397 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2


Web Client VNC
1011373* - TightVNC VNCViewer RFB Connection Heap Buffer Overflow Vulnerability (CVE-2022-23967)


Web Server Common
1011343* - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
1011377* - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)


Web Server HTTPS
1011395 - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)


Web Server Miscellaneous
1011396 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.