22-015 (March 29, 2022)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

MySQL Cluster
1011292* - Oracle MySQL Cluster Management Server Remote Code Execution Vulnerability (CVE-2022-21279)
1011291* - Oracle MySQL Cluster Management Server Remote Code Execution Vulnerability (CVE-2022-21280)


OpenSSL
1011366 - OpenSSL Server Denial Of Service Vulnerability (CVE-2022-0778)


Remote Desktop Protocol Server
1007969* - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1110, T1021.001)


Web Application PHP Based
1011358 - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
1011325* - WordPress 'Perfect Survey' Plugin SQL Injection Vulnerability (CVE-2021-24762)
1011351* - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011352 - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
1011340 - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
1011347* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333* - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)


Web Server Adobe ColdFusion
1011355 - Identified Adobe ColdFusion LDAP Server Connection Request


Web Server Common
1011331 - Apache APISIX 'batch-requests' Plugin Remote Code Execution Vulnerability (CVE-2022-24112)
1011344 - BMC Track-It Unrestricted File Upload Remote Code Execution Vulnerability (CVE-2021-35002)
1010721 - VMware Multiple Products Command Injection Vulnerability (CVE-2020-4006)


Web Server HTTPS
1011349 - Trend Micro Apex Central And Control Manager Remote Code Execution Vulnerability (CVE-2022-26871)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011360 - Microsoft Windows WMI Events