21-056 (December 14, 2021)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Storm Nimbus
1011236 - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


SolarWinds Network Performance Monitor
1011229 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221 - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)


Web Application Ruby Based
1011243 - Grafana Path Traversal Vulnerability (CVE-2021-43798)


Web Client Common
1011240 - Chromium Memory Corruption Vulnerability (CVE-2021-21118)
1011244 - Chromium Sandbox Bypass Vulnerability (CVE-2021-21132)
1011239 - Google Chrome Type Confusion Vulnerability (CVE-2021-30588)
1011238 - Google Chrome Use After Free Vulnerability (CVE-2020-15994)


Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


Web Server SharePoint
1011224 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


Web Server Squid
1011234 - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


Zoho ManageEngine
1011237 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)


Integrity Monitoring Rules:

1010856* - Linux/Unix - Static boot loader files modified (ATT&CK T1542)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.