Trend Micro Security
  Rule Update

24-056 (2024年12月3日)


  概要

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

HP Intelligent Management Center (IMC)
1012120* - Apache OFBiz Authentication Bypass Vulnerability (CVE-2024-38856)


IBM WebSphere Application Server
1009803* - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)


Ivanti Avalanche
1012203 - Ivanti Avalanche Directory Traversal Vulnerability (CVE-2024-23535)
1012053* - Ivanti Avalanche Multiple Vulnerabilities
1012217 - Ivanti Avalanche Remote Code Execution Vulnerability (CVE-2024-23534)
1012200 - Ivanti Avalanche XML External Entity Processing Vulnerability (CVE-2024-38653)


Ivanti Endpoint Manager
1012211 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32839)
1012204 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50328)


Kubernetes API Server
1012165* - Kubernetes Ingress-Nginx Code Injection Vulnerability (CVE-2023-5044)


Mail Server Common
1012173 - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-42009)


Progress WhatsUp Gold WCF service
1012123* - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5015)


Unix Samba
1012198 - Linux Kernel KSMBD Information Disclosure Vulnerability (CVE-2023-4458)


Web Server Apache
1012166* - Apache Httpd 'mod_cgi Handler' Improper Input Validation Vulnerability (CVE-2024-38476)


Web Server HTTPS
1012218 - Centreon SQL Injection Vulnerability (CVE-2024-39841)
1012170* - Centreon SQL Injection Vulnerability (CVE-2024-39842 and CVE-2024-39843)
1012197 - Centreon SQL Injection Vulnerability (CVE-2024-5725)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.