Rule Update

23-002 (January 10, 2023)


* indicates a new version of an existing rule

Deep Packet Inspection Rules:

SolarWinds Information Service
1011642* - SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (CVE-2022-36964)

Solr Service
1010203* - Apache Solr VelocityResponseWriter Remote Code Execution Vulnerability (CVE-2019-17558)

Web Application PHP Based
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)

Web Client Common
1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)

Web Server HTTPS
1011648 - Identified Usage of Microsoft Exchange SOAP Powershell

Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)

Zoho ManageEngine
1011653 - Zoho ManageEngine ADManager Plus Command Injection Vulnerability (CVE-2022-42904)
1011626* - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
1011652 - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-43671)

Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.

Log Inspection Rules:

1011654 - Microsoft Windows - Unsecured LSA Buffer Admin Credential Dumping Vulnerability (CVE-2023-21726) (ATT&CK T1003, T1552.002)