23-039 (September 12, 2023)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

IPSec-IKE
1011801* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21758)


SNMP Server
1011647* - Net-SNMP NULL Pointer Dereference Vulnerability (CVE-2022-44792)


SolarWinds Orion Platform
1011851 - SolarWinds Orion Platform Incorrect Comparison Vulnerability (CVE-2023-23843)


Web Application PHP Based
1011845 - GLPI SQL Injection Vulnerability (CVE-2023-36808)
1011826* - Roundcube Webmail Command Injection Vulnerability (CVE-2020-12641)


Web Client Common
1011852 - Foxit PDF Reader and Editor Out-Of-Bounds Read Remote Code Execution Vulnerability (CVE-2023-38119)


Web Server Common
1011791* - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2022-48343)


Web Server HTTPS
1011794* - Contec CONPROSYS HMI System SQL Injection Vulnerability (CVE-2023-29154)


Web Server Miscellaneous
1011759* - Ivanti Avalanche Arbitrary File Upload Vulnerability (CVE-2023-28128)


Zoho ManageEngine ADSelfService Plus
1011793* - Zoho ManageEngine ADSelfService Plus Denial Of Service Vulnerability (CVE-2023-28342)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1004488* - Database Server - Microsoft SQL