Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
There are no new or updated Deep Packet Inspection Rules in this Security Update.
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
In recent updates (DSRU 22-027, issued on June 7, 2022 and DSRU 22-028, issued on June 14, 2022), the following Application Types were updated to include an additional ports. This caused a false positive issue in very specific scenarios. This update addresses the issue by reverting the Application Types to their previous versions.
- Web Server Miscellaneous
- Web Application Common
- Web Server IIS
- Web Application Tomcat
- Web Server SharePoint
- Web Server Apache
Deep Packet Inspection Rules:
There are no new or updated Deep Packet Inspection Rules in this Security Update.
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
1011459 - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
Web Application Common
1011462 - Identified Java Runtime Usage In HTTP Request
Web Client Common
1011461 - Chromium Type Confusion Vulnerability (CVE-2021-38001)
1011447* - Trend Micro ServerProtect Multiple Denial-Of-Service Vulnerabilities
Web Server Common
1011460 - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Web Server Miscellaneous
1011438 - Identified LDAP Injection Attack In HTTP Request
Web Server Oracle
1011082 - Oracle Business Intelligence 'SAXParser' XML External Entity Injection Vulnerability (CVE-2021-2400)
Zoho ManageEngine AssetExplorer_SupportCenter Plus_ADManager Plus
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011257* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011327* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
Zoho ManageEngine OpManager_Network Configuration Manager
1011267* - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
1011254* - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)
1009399* - Zoho ManageEngine OpManager 'oputilsServlet' Authentication Bypass (CVE-2018-17283)
1009950* - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability
1010342* - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1009470* - Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization Vulnerability (CVE-2018-19403)
1010337* - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)
1010061* - Zoho ManageEngine OpManager OPMDeviceDetailsServlet Category SQL Injection Vulnerability (CVE-2019-17602)
1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
1011329* - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
Zoho ManageEngine ServiceDesk Plus_MSP
1010660* - Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability (CVE-2019-8394)
1011255* - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)
1010592* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Multiple Vulnerabilities
1010593* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Vulnerability (CVE-2019-12543)
1011038* - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability (CVE-2021-20081)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
1010197* - Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability (CVE-2020-10189)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011453 - Microsoft Windows WMI Events - 1
Deep Packet Inspection Rules:
DCERPC Services - Client
1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
1011459 - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
Web Application Common
1011462 - Identified Java Runtime Usage In HTTP Request
Web Client Common
1011461 - Chromium Type Confusion Vulnerability (CVE-2021-38001)
1011447* - Trend Micro ServerProtect Multiple Denial-Of-Service Vulnerabilities
Web Server Common
1011460 - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Web Server Miscellaneous
1011438 - Identified LDAP Injection Attack In HTTP Request
Web Server Oracle
1011082 - Oracle Business Intelligence 'SAXParser' XML External Entity Injection Vulnerability (CVE-2021-2400)
Zoho ManageEngine AssetExplorer_SupportCenter Plus_ADManager Plus
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
1011284* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)
1011257* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
1011327* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37926)
Zoho ManageEngine OpManager_Network Configuration Manager
1011267* - Zoho ManageEngine Network Configuration Manager Command Injection Vulnerability (CVE-2021-43319)
1011254* - Zoho ManageEngine Network Configuration Manager SQL Injection Vulnerability (CVE-2021-41081)
1011162* - Zoho ManageEngine OpManager 'GetDataCollectionFailureReason' SQL Injection Vulnerability (CVE-2021-40493)
1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)
1009399* - Zoho ManageEngine OpManager 'oputilsServlet' Authentication Bypass (CVE-2018-17283)
1009950* - Zoho ManageEngine OpManager Authenticated Code Execution Vulnerability
1010342* - Zoho ManageEngine OpManager Cachestart Directory Traversal Vulnerability (CVE-2020-13818)
1009470* - Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization Vulnerability (CVE-2018-19403)
1010337* - Zoho ManageEngine OpManager Directory Traversal Vulnerability (CVE-2020-12116)
1010061* - Zoho ManageEngine OpManager OPMDeviceDetailsServlet Category SQL Injection Vulnerability (CVE-2019-17602)
1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
1011329* - Zoho ManageEngine OpManager SumPDU Multiple Java Deserialization Vulnerabilities (CVE-2020-28653 and CVE-2021-3287)
Zoho ManageEngine ServiceDesk Plus_MSP
1010660* - Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability (CVE-2019-8394)
1011255* - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)
1010592* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Multiple Vulnerabilities
1010593* - Zoho ManageEngine ServiceDesk Plus Cross Site Scripting Vulnerability (CVE-2019-12543)
1011038* - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability (CVE-2021-20081)
ZohoCorp ManageEngine Desktop Central
1010407* - Zoho ManageEngine Desktop Central AppDependency Arbitrary File Write Vulnerability (CVE-2020-10859)
1010197* - Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability (CVE-2020-10189)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011453 - Microsoft Windows WMI Events - 1
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CentOS Web Panel
1011441* - CentOS Web Panel 'ajax_dashboard' SQL Injection Vulnerability (CVE-2020-15626)
1011448 - CentOS Web Panel Multiple Command Injection Vulnerabilities
1011437* - CentOS Web Panel Multiple SQL Injection Vulnerabilities
Oracle E-Business Suite Web Interface
1011429* - Oracle E-Business Suite 'iesfootprint' SQL Injection Vulnerability (CVE-2017-3549)
SAP BusinessObjects Business Intelligence
1011428* - SAP BusinessObjects Business Intelligence XXE Injection Vulnerability (CVE-2022-28213)
Web Application Common
1011443 - Adminer Arbitrary File Read Vulnerability (CVE-2021-43008)
Web Application PHP Based
1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
1011450 - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
1011446 - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
1011452 - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
Web Client Common
1011442* - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (Follina) (CVE-2022-30190)
1011447 - Trend Micro ServerProtect 'splx_manual_scan' Denial-Of-Service Vulnerability (CVE-2021-25224)
Web Server Common
1011449 - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965) - 1
Web Server Miscellaneous
1011456* - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
CentOS Web Panel
1011441* - CentOS Web Panel 'ajax_dashboard' SQL Injection Vulnerability (CVE-2020-15626)
1011448 - CentOS Web Panel Multiple Command Injection Vulnerabilities
1011437* - CentOS Web Panel Multiple SQL Injection Vulnerabilities
Oracle E-Business Suite Web Interface
1011429* - Oracle E-Business Suite 'iesfootprint' SQL Injection Vulnerability (CVE-2017-3549)
SAP BusinessObjects Business Intelligence
1011428* - SAP BusinessObjects Business Intelligence XXE Injection Vulnerability (CVE-2022-28213)
Web Application Common
1011443 - Adminer Arbitrary File Read Vulnerability (CVE-2021-43008)
Web Application PHP Based
1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
1011450 - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
1011446 - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
1011452 - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
Web Client Common
1011442* - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (Follina) (CVE-2022-30190)
1011447 - Trend Micro ServerProtect 'splx_manual_scan' Denial-Of-Service Vulnerability (CVE-2021-25224)
Web Server Common
1011449 - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965) - 1
Web Server Miscellaneous
1011456* - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Client Common
1011442 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)
Web Server Miscellaneous
1011456 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011455 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
Deep Packet Inspection Rules:
Web Client Common
1011442 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)
Web Server Miscellaneous
1011456 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011455 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CentOS Web Panel
1011441 - CentOS Web Panel 'ajax_dashboard' SQL Injection Vulnerability (CVE-2020-15626)
1011437 - CentOS Web Panel Multiple SQL Injection Vulnerabilities
DCERPC Services - Client
1011436 - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2022-26809)
Web Application Common
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
Web Application PHP Based
1011435 - ThinkCMF Remote Code Execution Vulnerability
1011439 - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
Web Server Miscellaneous
1011440 - Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)
Zoho ManageEngine Applications Manager
1010698* - Zoho ManageEngine Applications Manager 'showMonitorGroupView' SQL Injection Vulnerability
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
1011062* - Zoho ManageEngine Applications Manager Cross Site Scripting Vulnerability (CVE-2021-31813)
1010903* - Zoho ManageEngine Applications Manager Custom Monitor Type SQL Injection Vulnerability
1010109* - Zoho ManageEngine Applications Manager MASRequestProcessor 'serverID' SQL Injection Vulnerability
1010448* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15533)
1010612* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15927)
1010811* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
1011012* - Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
Deep Packet Inspection Rules:
CentOS Web Panel
1011441 - CentOS Web Panel 'ajax_dashboard' SQL Injection Vulnerability (CVE-2020-15626)
1011437 - CentOS Web Panel Multiple SQL Injection Vulnerabilities
DCERPC Services - Client
1011436 - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2022-26809)
Web Application Common
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
Web Application PHP Based
1011435 - ThinkCMF Remote Code Execution Vulnerability
1011439 - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
Web Server Miscellaneous
1011440 - Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)
Zoho ManageEngine Applications Manager
1010698* - Zoho ManageEngine Applications Manager 'showMonitorGroupView' SQL Injection Vulnerability
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
1011062* - Zoho ManageEngine Applications Manager Cross Site Scripting Vulnerability (CVE-2021-31813)
1010903* - Zoho ManageEngine Applications Manager Custom Monitor Type SQL Injection Vulnerability
1010109* - Zoho ManageEngine Applications Manager MASRequestProcessor 'serverID' SQL Injection Vulnerability
1010448* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15533)
1010612* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15927)
1010811* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
1011012* - Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Kylin
1011418 - Apache Kylin REST API Admin Configuration Information Disclosure Vulnerability (CVE-2020-13937)
Atlassian Bitbucket
1011432 - Atlassian Bitbucket Data Center Server Java Deserialization Vulnerability (CVE-2022-26133)
Oracle E-Business Suite Web Interface
1011429 - Oracle E-Business Suite 'iesfootprint' SQL Injection Vulnerability (CVE-2017-3549)
SAP BusinessObjects Business Intelligence
1011428 - SAP BusinessObjects Business Intelligence XXE Injection Vulnerability (CVE-2022-28213)
SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1573.002, T1071.001)
SolarWinds Network Performance Monitor
1011417* - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)
Suspicious Client Application Activity
1003462* - Detected Web Client Traffic
Web Application Common
1010635* - Jenkins Groovy Plugin Sandbox Bypass Multiple Vulnerabilities
Web Application PHP Based
1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
1010546* - GNUBoard Local/Remote File Inclusion Vulnerability (CVE-2009-0290)
1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1009970* - PHP EXIF Parsing Heap Overflow Vulnerability (CVE-2019-11041 and CVE-2019-11042)
1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
1010037* - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
1005671* - PHP SSL Module "subjectAltNames" NULL Byte Handling Security Vulnerability
1005529* - Parallels Plesk Remote PHP Command Execution Vulnerability
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011426 - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011431 - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011433 - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
Web Server Miscellaneous
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
Zoho ManageEngine
1011427 - Zoho ManageEngine Multiple Products Information Disclosure Vulnerability (CVE-2022-29457)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
Deep Packet Inspection Rules:
Apache Kylin
1011418 - Apache Kylin REST API Admin Configuration Information Disclosure Vulnerability (CVE-2020-13937)
Atlassian Bitbucket
1011432 - Atlassian Bitbucket Data Center Server Java Deserialization Vulnerability (CVE-2022-26133)
Oracle E-Business Suite Web Interface
1011429 - Oracle E-Business Suite 'iesfootprint' SQL Injection Vulnerability (CVE-2017-3549)
SAP BusinessObjects Business Intelligence
1011428 - SAP BusinessObjects Business Intelligence XXE Injection Vulnerability (CVE-2022-28213)
SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1573.002, T1071.001)
SolarWinds Network Performance Monitor
1011417* - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)
Suspicious Client Application Activity
1003462* - Detected Web Client Traffic
Web Application Common
1010635* - Jenkins Groovy Plugin Sandbox Bypass Multiple Vulnerabilities
Web Application PHP Based
1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
1010546* - GNUBoard Local/Remote File Inclusion Vulnerability (CVE-2009-0290)
1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1009970* - PHP EXIF Parsing Heap Overflow Vulnerability (CVE-2019-11041 and CVE-2019-11042)
1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
1010037* - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
1005671* - PHP SSL Module "subjectAltNames" NULL Byte Handling Security Vulnerability
1005529* - Parallels Plesk Remote PHP Command Execution Vulnerability
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011426 - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011431 - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011433 - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
Web Server Miscellaneous
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
Zoho ManageEngine
1011427 - Zoho ManageEngine Multiple Products Information Disclosure Vulnerability (CVE-2022-29457)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
SolarWinds Network Performance Monitor
1011417 - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)
Web Application PHP Based
1011425 - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011423 - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
Web Client Common
1011398* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
1011397* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2
1011415* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3
Web Server Adobe ColdFusion
1011422* - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)
Web Server Common
1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
Zoho ManageEngine
1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
Zoho ManageEngine ADSelfService Plus
1011412* - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
SolarWinds Network Performance Monitor
1011417 - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)
Web Application PHP Based
1011425 - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011423 - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
Web Client Common
1011398* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
1011397* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2
1011415* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3
Web Server Adobe ColdFusion
1011422* - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)
Web Server Common
1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
Zoho ManageEngine
1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
Zoho ManageEngine ADSelfService Plus
1011412* - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Kerberos KDC Server
1011421 - Identified Kerberos Authentication with Spoofed Certificate
Redis Server
1011402* - Redis Remote Code Execution Vulnerability (CVE-2022-0543)
Suspicious Client Application Activity
1003462* - Detected Web Client Traffic
Veeam Distribution Service
1011408* - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)
Web Application PHP Based
1011416 - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011411 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
Web Server Adobe ColdFusion
1011422 - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerabilities (CVE-2021-22986 and CVE-2022-1388)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
Web Server Oracle
1011413* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1
Zoho ManageEngine
1011420 - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
Zoho ManageEngine ADSelfService Plus
1011412 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011360* - Microsoft Windows WMI Events
Deep Packet Inspection Rules:
Kerberos KDC Server
1011421 - Identified Kerberos Authentication with Spoofed Certificate
Redis Server
1011402* - Redis Remote Code Execution Vulnerability (CVE-2022-0543)
Suspicious Client Application Activity
1003462* - Detected Web Client Traffic
Veeam Distribution Service
1011408* - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)
Web Application PHP Based
1011416 - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011411 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
Web Server Adobe ColdFusion
1011422 - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerabilities (CVE-2021-22986 and CVE-2022-1388)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
Web Server Oracle
1011413* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1
Zoho ManageEngine
1011420 - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
Zoho ManageEngine ADSelfService Plus
1011412 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011360* - Microsoft Windows WMI Events
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Redis Server
1011402 - Redis Remote Code Execution Vulnerability (CVE-2022-0543)
Veeam Distribution Service
1011408 - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)
Web Application PHP Based
1011405 - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011409 - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011410 - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407 - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
Web Client Common
1011415 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3
Web Server Common
1011414 - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1011395* - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
1011406 - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
Web Server Miscellaneous
1011403 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)
1011396* - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
Web Server Oracle
1011413 - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Redis Server
1011402 - Redis Remote Code Execution Vulnerability (CVE-2022-0543)
Veeam Distribution Service
1011408 - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)
Web Application PHP Based
1011405 - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011409 - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011410 - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407 - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
Web Client Common
1011415 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3
Web Server Common
1011414 - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1011395* - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
1011406 - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
Web Server Miscellaneous
1011403 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)
1011396* - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
Web Server Oracle
1011413 - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007021* - Remote Registry Access Through SMBv2 Protocol Detected (ATT&CK T1012)
MySQL Cluster
1011222* - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)
MySQL Cluster NDBD
1011362* - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
1011389* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
1011391* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
1011385* - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)
1011390* - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)
SolarWinds Network Performance Monitor
1011384* - SolarWinds Orion Platform Unrestricted File Upload Vulnerability (CVE-2021-35244)
Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerabilities (CVE-2019-1003029 and CVE-2019-1003030)
1011381* - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)
Web Application PHP Based
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011400 - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011404 - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011401 - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
Web Client Common
1009919* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 4
1011398 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
1011397 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2
Web Client VNC
1011373* - TightVNC VNCViewer RFB Connection Heap Buffer Overflow Vulnerability (CVE-2022-23967)
Web Server Common
1011343* - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
1011377* - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
Web Server HTTPS
1011395 - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
Web Server Miscellaneous
1011396 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007021* - Remote Registry Access Through SMBv2 Protocol Detected (ATT&CK T1012)
MySQL Cluster
1011222* - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)
MySQL Cluster NDBD
1011362* - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
1011389* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
1011391* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
1011385* - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)
1011390* - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)
SolarWinds Network Performance Monitor
1011384* - SolarWinds Orion Platform Unrestricted File Upload Vulnerability (CVE-2021-35244)
Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerabilities (CVE-2019-1003029 and CVE-2019-1003030)
1011381* - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)
Web Application PHP Based
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011400 - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011404 - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011401 - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
Web Client Common
1009919* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 4
1011398 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
1011397 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2
Web Client VNC
1011373* - TightVNC VNCViewer RFB Connection Heap Buffer Overflow Vulnerability (CVE-2022-23967)
Web Server Common
1011343* - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
1011377* - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
Web Server HTTPS
1011395 - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
Web Server Miscellaneous
1011396 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more