Summary
Digital Vaccine #9413 May 5, 2020
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
Note: Customers with TP10 devices should perform a soft reboot of their IPS before installing the new DV to avoid a memory issue during the install.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9413.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9413.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 19
Modified Filters (logic changes) - 28
Modified Filters (metadata changes only) - 3
Removed Filters - 0
Filters
----------------
New Filters:
37634: HTTP: Oracle E-Business Suite Human Resources CVE-2020-2956 SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Oracle E-Business Suite.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-2956
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37690: ZDI-CAN-10626: Zero Day Initiative Vulnerability (Advantech iView)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37691: ZDI-CAN-10627-29,33-34,55-58,60: Zero Day Initiative Vulnerability (Advantech iView)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37692: ZDI-CAN-10630,10636,10976,10988-95: Zero Day Initiative Vulnerability (Advantech iView)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37693: ZDI-CAN-10645: Zero Day Initiative Vulnerability (Advantech iView)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Advantech iView.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37694: ZDI-CAN-10883: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37696: ZDI-CAN-10885: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37697: ZDI-CAN-10887: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37699: HTTP: Cisco SD-WAN Solution vManage SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Cisco SD-WAN Solution.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-16012 CVSS 8.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37700: ZDI-CAN-10893: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Delta Industrial Automation CNCSoft ScreenEditor.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37701: ZDI-CAN-10930: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37702: ZDI-CAN-10931: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fuji Electric Tellus Lite V-Simulator 6.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service

37710: HTTP: Google Chrome WebRTC Use-After-Free Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Google Chrome.
  - Deployments:
    - Deployment: Default (Block / Notify)
    - Deployment: Performance-Optimized (Disabled)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-13694
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Client Application

37711: HTTP: CoDeSys V3 CmpWebServerHandler MemGCGetSize Integer Overflow Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit an integer overflow vulnerability in CoDeSys V3.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-10245 CVSS 10.0
  - Classification: Vulnerability - Buffer/Heap Overflow
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37712: HTTP: dotCMS CMSFilter assets Directory Traversal Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a directory traversal vulnerability in dotCMS.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-6754
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37714: HTTP: Isomorphic SmartClient downloadWSDL Request
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects downloadWSDL requests in Isomorphic SmartClient.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-9352
  - Classification: Vulnerability - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37717: HTTP: Pandora FMS Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in Pandora FMS.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service

37719: TCP: Oracle WebLogic Server T3 Protocol Java Deserialization Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a Java deserialization vulnerability in Oracle WebLogic Server.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-2798 CVSS 6.5
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: TCP (Generic)
  - Platform: Multi-Platform Server Application or Service

37720: TCP: Redis Arbitrary File Upload
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects commands used to upload arbitrary files in Redis.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: TCP (Generic)
  - Platform: UNIX/Linux Server Application or Service

Modified Filters (logic changes):
* = Enabled in Default deployments

33860: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-303,ZDI-20-167)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33860: HTTP: HPE Intelligent Management Center mediaForAction Code Execution Vulnerability (ZDI-19-303)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

33862: HTTP: HPE Intelligent Management Center Code Execution Vulnerability(ZDI-19-336,ZDI-20-181)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33862: HTTP: HPE Intelligent Management Center iccSelectDymicParam Code Execution Vulnerability(ZDI-19-336)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

34220: HTTP: Microsoft Windows ADODB Type Confusion Vulnerability (ZDI-19-626)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34220: ZDI-CAN-7754,7755,7853-7855: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35038: HTTP: Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-579)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35038: ZDI-CAN-7781: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35040: HTTP: Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer (ZDI-19-575)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35040: ZDI-CAN-7784: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35042: HTTP: Phoenix Contact Automationworx BCP File Parsing Use-After-Free Vulnerability (ZDI-19-577)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35042: ZDI-CAN-7786: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35297: HTTP: Red Lion Crimson CD3 Parsing Buffer Overflow Vulnerability (ZDI-19-784)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35297: ZDI-CAN-8167: Zero Day Initiative Vulnerability (Red Lion Crimson)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35298: HTTP: Red Lion Crimson CD3 File Parsing Uninitialized Pointer Vulnerability (ZDI-19-786)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35298: ZDI-CAN-8168: Zero Day Initiative Vulnerability (Red Lion Crimson)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35329: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-794)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35329: ZDI-CAN-8300: Zero Day Initiative Vulnerability (Red Lion Crimson)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35332: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-795)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35332: ZDI-CAN-8302: Zero Day Initiative Vulnerability (Red Lion Crimson)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35333: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-792)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35333: ZDI-CAN-8305: Zero Day Initiative Vulnerability (Red Lion Crimson)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35334: HTTP: Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-19-796)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35334: ZDI-CAN-8307: Zero Day Initiative Vulnerability (Red Lion Crimson)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35346: HTTP: Red Lion Crimson CD31 File Parsing Use-After-Free Vulnerability (ZDI-19-797)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35346: ZDI-CAN-8310: Zero Day Initiative Vulnerability (Red Lion Crimson)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35396: HTTP: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Vulnerability(ZDI-19-692)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35396: ZDI-CAN-8012: Zero Day Initiative Vulnerability (Rockwell Automation Arena Simulation)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35397: HTTP: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Vulnerability(ZDI-19-694)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35397: ZDI-CAN-8013: Zero Day Initiative Vulnerability (Rockwell Automation Arena Simulation)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

35399: HTTP: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Vulnerability(ZDI-19-695)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35399: ZDI-CAN-8014: Zero Day Initiative Vulnerability (Rockwell Automation Arena Simulation)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36143: HTTP: Cisco Data Center Network Manager persistUserInfo SQL Injection Vulnerability (ZDI-20-016)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Vulnerability references updated.

36337: HTTP: Cisco Data Center Network Manager getRpmJobLength SQL Injection Vulnerability (ZDI-20-112)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36337: ZDI-CAN-9360: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36352: HTTP: Cisco Data Center Network Manager getSanZoneList SQL Injection Vulnerability (ZDI-20-064)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36352: ZDI-CAN-9169: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36353: HTTP: Cisco Data Center Network Manager getVsanList SQL Injection Vulnerability (ZDI-20-063)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36353: ZDI-CAN-9168: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36733: HTTP: Advantech WebAccess/NMS saveBackground Unrestricted File Upload Vulnerability (ZDI-20-373)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36733: ZDI-CAN-9566: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36735: HTTP: Advantech WebAccess/NMS searchDevice SQL Injection Vulnerability (ZDI-20-375)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36735: ZDI-CAN-9568: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36736: HTTP: Advantech WebAccess/NMS mibBrowserSetAction SQL Injection Vulnerability (ZDI-20-376)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36736: ZDI-CAN-9569: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36737: HTTP: Advantech WebAccess/NMS EMSgroupAction SQL Injection Vulnerability (ZDI-20-377)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36737: ZDI-CAN-9570: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36738: HTTP: Advantech WebAccess/NMS saveBackground SQL Injection Vulnerability (ZDI-20-378)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36738: ZDI-CAN-9571: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36739: HTTP: Advantech WebAccess/NMS saveBackgroundAction Directory Traversal Vulnerability (ZDI-20-379)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36739: ZDI-CAN-9572: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36746: HTTP: Advantech WebAccess/NMS LicenseImportAction Unrestricted File Upload (ZDI-20-385)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36746: ZDI-CAN-9578: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

36751: HTTP: Advantech WebAccess/NMS SupportDeviceaddAction Arbitrary File Upload (ZDI-20-397)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "36751: ZDI-CAN-9602: Zero Day Initiative Vulnerability (Advantech WebAccess/NMS)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.

Modified Filters (metadata changes only):
* = Enabled in Default deployments

33861: HTTP: HPE Intelligent Management Center Code Execution Vulnerability (ZDI-19-295,ZDI-20-156)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "33861: HTTP: HPE Intelligent Management Center iccSelectRules Code Execution Vulnerability (ZDI-19-295)".
  - Description updated.
  - Vulnerability references updated.

34461: HTTP: HPE IMC Expression Language Injection Vulnerability (ZDI-19-518,ZDI-20-171)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34461: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-518)".
  - Description updated.
  - Vulnerability references updated.

34583: HTTP: HPE IMC Expression Language Injection Vulnerability (ZDI-19-519,ZDI-20-191)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "34583: HTTP: HPE Intelligent Management Center Expression Language Injection Vulnerability (ZDI-19-519)".
  - Description updated.
  - Vulnerability references updated.

Removed Filters: None