21-023 (May 18, 2021)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1010954 - Apache OFBiz Insecure Deserialization Vulnerability (CVE-2021-29200)
1010951 - Apache OFBiz Insecure Deserialization Vulnerability (CVE-2021-30128)


Oracle E-Business Suite Web Interface
1010945 - Oracle E-Business Suite Reflected Cross-Site Scripting Vulnerability (CVE-2021-2182)


SAP NetWeaver Java Application Server
1010952 - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2016-3976)


Web Application Common
1010934 - Dolibarr ERP CRM Remote Code Execution Vulnerability (CVE-2020-14209)
1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)


Web Application PHP Based
1010953 - Joomla! Arbitrary File Upload Vulnerability (CVE-2021-23132)


Web Server Common
1010944* - Apache Druid Remote Code Execution Vulnerability (CVE-2021-25646) - 1
1010949* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)


Web Server HTTPS
1010935* - Joomla! CMS Stored Cross-Site Scripting Vulnerability (CVE-2021-26030)
1010948* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-28482)


Web Server Nagios
1010943* - Nagios XI Authenticated OS Command Argument Injection Vulnerability (CVE-2020-5792)


Web Server Oracle
1010927 - Oracle Business Intelligence 'APSWebModule' Remote Code Execution Vulnerability (CVE-2021-2244)
1010928 - Oracle Business Intelligence T3 Protocol Deserialization of Untrusted Data Vulnerability (CVE-2021-2302)


Web Server SharePoint
1010947* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-31181)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.