22-008 (February 15, 2022)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1011303 - Microsoft Excel Information Disclosure Vulnerability (CVE-2022-22716)


Unix Samba
1011294* - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)


Web Application Common
1011295* - Pandora FMS SQL Injection Vulnerability (CVE-2021-32099)


Web Application PHP Based
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011299 - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011287* - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)


Web Application Ruby Based
1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)
1011289 - Grafana Directory Traversal Vulnerability (CVE-2021-43813)
1011243* - Grafana Path Traversal Vulnerability (CVE-2021-43798)


Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
1010175* - Cross-Site Scripting (XSS) Decoder


Web Server Miscellaneous
1011253* - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21699)


Web Server Oracle
1011084* - Oracle Business Intelligence 'UpdateConnectionServlet' Remote Code Execution Vulnerability (CVE-2021-2396)
1002645* - Oracle mod_wl HTTP Request Method Remote Buffer Overflow


Zoho ManageEngine
1011260* - Zoho ManageEngine Multiple Products Arbitrary File Upload Vulnerability (CVE-2021-44077)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.