Cloud One Workload Security and Deep Security Updates
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Client Common
1011442 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)
Web Server Miscellaneous
1011456 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011455 - Atlassian Confluence And Data Center Remote Code Execution Vulnerability (CVE-2022-26134) - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
CentOS Web Panel
1011441 - CentOS Web Panel 'ajax_dashboard' SQL Injection Vulnerability (CVE-2020-15626)
1011437 - CentOS Web Panel Multiple SQL Injection Vulnerabilities
DCERPC Services - Client
1011436 - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2022-26809)
Web Application Common
1010199* - Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618)
Web Application PHP Based
1011435 - ThinkCMF Remote Code Execution Vulnerability
1011439 - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
Web Server Miscellaneous
1011440 - Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)
Zoho ManageEngine Applications Manager
1010698* - Zoho ManageEngine Applications Manager 'showMonitorGroupView' SQL Injection Vulnerability
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
1011062* - Zoho ManageEngine Applications Manager Cross Site Scripting Vulnerability (CVE-2021-31813)
1010903* - Zoho ManageEngine Applications Manager Custom Monitor Type SQL Injection Vulnerability
1010109* - Zoho ManageEngine Applications Manager MASRequestProcessor 'serverID' SQL Injection Vulnerability
1010448* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15533)
1010612* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15927)
1010811* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-35765)
1011020* - Zoho ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability
1011012* - Zoho ManageEngine Applications Manager URL Monitor SQL Injection Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001) - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Kylin
1011418 - Apache Kylin REST API Admin Configuration Information Disclosure Vulnerability (CVE-2020-13937)
Atlassian Bitbucket
1011432 - Atlassian Bitbucket Data Center Server Java Deserialization Vulnerability (CVE-2022-26133)
Oracle E-Business Suite Web Interface
1011429 - Oracle E-Business Suite 'iesfootprint' SQL Injection Vulnerability (CVE-2017-3549)
SAP BusinessObjects Business Intelligence
1011428 - SAP BusinessObjects Business Intelligence XXE Injection Vulnerability (CVE-2022-28213)
SSL Client Applications
1001113* - SSL/TLS Client (ATT&CK T1573.002, T1071.001)
SolarWinds Network Performance Monitor
1011417* - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)
Suspicious Client Application Activity
1003462* - Detected Web Client Traffic
Web Application Common
1010635* - Jenkins Groovy Plugin Sandbox Bypass Multiple Vulnerabilities
Web Application PHP Based
1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
1010546* - GNUBoard Local/Remote File Inclusion Vulnerability (CVE-2009-0290)
1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1009970* - PHP EXIF Parsing Heap Overflow Vulnerability (CVE-2019-11041 and CVE-2019-11042)
1010035* - PHP EXIF Uninitialized Read Vulnerability (CVE-2019-9640)
1010037* - PHP Out Of Bounds Read Vulnerability (CVE-2018-20783)
1005671* - PHP SSL Module "subjectAltNames" NULL Byte Handling Security Vulnerability
1005529* - Parallels Plesk Remote PHP Command Execution Vulnerability
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011426 - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011431 - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011433 - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
Web Server Miscellaneous
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
Zoho ManageEngine
1011427 - Zoho ManageEngine Multiple Products Information Disclosure Vulnerability (CVE-2022-29457)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3 - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
SolarWinds Network Performance Monitor
1011417 - SolarWinds Orion Platform Blind SQL Injection Vulnerability (CVE-2021-35212)
Web Application PHP Based
1011425 - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011423 - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
Web Client Common
1011398* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
1011397* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2
1011415* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3
Web Server Adobe ColdFusion
1011422* - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)
Web Server Common
1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
Zoho ManageEngine
1011420* - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
Zoho ManageEngine ADSelfService Plus
1011412* - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Kerberos KDC Server
1011421 - Identified Kerberos Authentication with Spoofed Certificate
Redis Server
1011402* - Redis Remote Code Execution Vulnerability (CVE-2022-0543)
Suspicious Client Application Activity
1003462* - Detected Web Client Traffic
Veeam Distribution Service
1011408* - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)
Web Application PHP Based
1011416 - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011411 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419 - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
Web Server Adobe ColdFusion
1011422 - Adobe ColdFusion Cross-site Scripting Vulnerability (CVE-2022-28818)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1011212* - F5 BIG-IP and BIG-IQ iControl REST Authentication Bypass Vulnerabilities (CVE-2021-22986 and CVE-2022-1388)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
Web Server Oracle
1011413* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1
Zoho ManageEngine
1011420 - Zoho ManageEngine OpManager SQL Injection Vulnerability (CVE-2022-27908)
Zoho ManageEngine ADSelfService Plus
1011412 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVE-2022-28810)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011360* - Microsoft Windows WMI Events - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Redis Server
1011402 - Redis Remote Code Execution Vulnerability (CVE-2022-0543)
Veeam Distribution Service
1011408 - Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2022-26501)
Web Application PHP Based
1011405 - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011409 - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011410 - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407 - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
Web Client Common
1011415 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3
Web Server Common
1011414 - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1011395* - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
1011406 - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
Web Server Miscellaneous
1011403 - Apache Struts2 Remote Code Execution Vulnerability (CVE-2021-31805)
1011396* - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
Web Server Oracle
1011413 - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007021* - Remote Registry Access Through SMBv2 Protocol Detected (ATT&CK T1012)
MySQL Cluster
1011222* - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)
MySQL Cluster NDBD
1011362* - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
1011389* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
1011391* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
1011385* - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)
1011390* - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)
SolarWinds Network Performance Monitor
1011384* - SolarWinds Orion Platform Unrestricted File Upload Vulnerability (CVE-2021-35244)
Web Application Common
1000552* - Generic Cross Site Scripting(XSS) Prevention
1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerabilities (CVE-2019-1003029 and CVE-2019-1003030)
1011381* - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)
Web Application PHP Based
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011400 - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011404 - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011401 - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
Web Client Common
1009919* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 4
1011398 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 1
1011397 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 2
Web Client VNC
1011373* - TightVNC VNCViewer RFB Connection Heap Buffer Overflow Vulnerability (CVE-2022-23967)
Web Server Common
1011343* - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
1011377* - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
Web Server HTTPS
1011395 - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
Web Server Miscellaneous
1011396 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Database Microsoft SQL
1000917* - Restrict Microsoft SQL Server XP_CMDSHELL Procedure
MySQL Cluster NDBD
1011389 - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
1011391 - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
1011390 - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)
SolarWinds Network Performance Monitor
1011384 - SolarWinds Orion Platform Unrestricted File Upload Vulnerability (CVE-2021-35244)
Web Application Common
1005402* - Identified Suspicious User Agent In HTTP Request
Web Application PHP Based
1011392 - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011388 - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011393 - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
Web Application Tomcat
1011322* - Laravel Deserialization Remote Code Execution Vulnerability (CVE-2021-3129)
Web Client Common
1011394 - Foxit Reader Use After Free Vulnerability (CVE-2018-17705)
Web Client VNC
1011373 - TightVNC VNCViewer RFB Connection Heap Buffer Overflow Vulnerability (CVE-2022-23967)
Web Server Common
1011343 - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
1011377 - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)
Web Server Miscellaneous
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Oracle
1010223* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
MySQL Cluster
1011222 - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)
MySQL Cluster NDBD
1011362 - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
1011385 - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)
Web Application Common
1011364* - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-0819)
1011381 - Pandora FMS Command Injection Vulnerability (CVE-2019-20224)
Web Application PHP Based
1011386 - Identified WordPress 'Error Log Viewer' Plugin File Clearing Request
1011380 - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011387 - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
Web Client Common
1011383 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-0289)
Web Server Common
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
1011372* - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)
Web Server Miscellaneous
1011378 - Eclipse Jetty Unauthenticated Information Disclosure Vulnerability (CVE-2021-28169)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
OpenSSL Client
1011370 - OpenSSL Client Denial Of Service Vulnerability (CVE-2022-0778)
Web Application Common
1011364 - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-0819)
Web Application PHP Based
1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011356 - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011353 - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011375 - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
Web Client Common
1011367 - Chromium Based Browsers Incorrect Authorization Vulnerability (CVE-2022-0309)
1011368 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-0297)
1011374 - Chromium Use After Free Vulnerability (CVE-2022-0609)
Web Client Mozilla Firefox
1011361 - Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability (CVE-2022-26381)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
1011344* - BMC Track-It Unrestricted File Upload Remote Code Execution Vulnerability (CVE-2021-35002)
1010175* - Cross-Site Scripting (XSS) Decoder
1011372* - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)
1010721* - VMware Multiple Products Command Injection Vulnerability (CVE-2020-4006)
Web Server Miscellaneous
1011376 - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog