rule Update
23-002 (10 de enero de 2023)
Publish date: 10 de enero de 2023
Descripción
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
SolarWinds Information Service
1011642* - SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (CVE-2022-36964)
Solr Service
1010203* - Apache Solr VelocityResponseWriter Remote Code Execution Vulnerability (CVE-2019-17558)
Web Application PHP Based
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
Web Client Common
1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)
Web Server HTTPS
1011648 - Identified Usage of Microsoft Exchange SOAP Powershell
Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
Zoho ManageEngine
1011653 - Zoho ManageEngine ADManager Plus Command Injection Vulnerability (CVE-2022-42904)
1011626* - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
1011652 - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-43671)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011654 - Microsoft Windows - Unsecured LSA Buffer Admin Credential Dumping Vulnerability (CVE-2023-21726) (ATT&CK T1003, T1552.002)
Deep Packet Inspection Rules:
SolarWinds Information Service
1011642* - SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (CVE-2022-36964)
Solr Service
1010203* - Apache Solr VelocityResponseWriter Remote Code Execution Vulnerability (CVE-2019-17558)
Web Application PHP Based
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
Web Client Common
1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)
Web Server HTTPS
1011648 - Identified Usage of Microsoft Exchange SOAP Powershell
Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
Zoho ManageEngine
1011653 - Zoho ManageEngine ADManager Plus Command Injection Vulnerability (CVE-2022-42904)
1011626* - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
1011652 - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-43671)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011654 - Microsoft Windows - Unsecured LSA Buffer Admin Credential Dumping Vulnerability (CVE-2023-21726) (ATT&CK T1003, T1552.002)