Digital Vaccine #9492

    • Updated: 13 Jan 2021
    • Product/Version: TippingPoint Digital Vaccine
Summary
Digital Vaccine #9492      January 12, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before January 12, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE | Filter | Status
CVE-2020-26870 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1636 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1637 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1638 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1641 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1642 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1643 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1644 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1645 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1646 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1647 | 38690 |
CVE-2021-1648 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1649 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1650 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1651 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1652 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1653 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1654 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1655 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1656 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1657 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1658 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1659 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1660 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1661 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1662 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1663 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1664 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1665 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1666 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1667 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1668 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1669 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1670 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1671 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1672 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1673 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1674 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1676 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1677 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1678 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1679 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1680 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1681 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1682 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1683 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1684 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1685 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1686 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1687 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1688 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1689 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1690 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1691 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1692 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1693 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1694 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1695 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1696 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1697 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1699 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1700 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1701 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1702 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1703 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1704 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1705 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1706 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1707 | 38680 |
CVE-2021-1708 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1709 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1710 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1711 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1712 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1713 | *38391 |
CVE-2021-1714 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1715 | *38491 |
CVE-2021-1716 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1717 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1718 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1719 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1723 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1725 |  | Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9492.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9492.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 20
 Modified Filters (logic changes) - 6
 Modified Filters (metadata changes only) - 6
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38650: HTTP: Google Chrome V8 Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Google Chrome V8.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2019-5782
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Other Client Application
      - Release Date: January 12, 2021

    38661: HTTP: Zoho ManageEngine Applications Manager showMonitorGroupView SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Zoho ManageEngine Applications Manager.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 12, 2021

    38669: ZDI-CAN-12201: Zero Day Initiative Vulnerability (Autodesk FBX)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk FBX.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38671: ZDI-CAN-12211: Zero Day Initiative Vulnerability (Autodesk FBX)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk FBX.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38672: ZDI-CAN-12212: Zero Day Initiative Vulnerability (Autodesk FBX)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Autodesk FBX.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38673: HTTP: Trend Micro InterScan Messaging Widget Information Disclosure Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an information disclosure vulnerability in Trend Micro InterScan Messaging Virtual Appliance.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27019 CVSS 6.7
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 12, 2021

    38676: UPnP: UPnP AddPortMapping() SOAP Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a UPnP AddPortMapping() SOAP request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: TCP (Generic)
      - Platform: Networked Hardware Device Application or Service
      - Release Date: January 12, 2021

    38677: HTTP: XStream Library CVE-2020-26217 Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in the XStream library.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-26217
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 12, 2021

    38678: HTTP: PEAR Archive Tar FILE Protocol Handling Arbitrary File Overwrite Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file overwrite vulnerability in PEAR Archive Tar.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-28949
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 12, 2021

    38680: HTTP: Microsoft SharePoint SetTemplateContent Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-1707
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: January 12, 2021

    38681: HTTP: MobileIron Core ACL Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an ACL bypass vulnerability in MobileIron.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-15505
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: January 12, 2021

    38682: HTTP: WordPress Canto Plugin SSRF Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a server-side request forgery (SSRF) vulnerability in the WordPress Canto Plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-28976, CVE-2020-28977, CVE-2020-28978
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: January 12, 2021

    38683: ZDI-CAN-12209: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38684: ZDI-CAN-12207: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38685: ZDI-CAN-12166: Zero Day Initiative Vulnerability (Siemens JT2Go)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38686: ZDI-CAN-12635: Zero Day Initiative Vulnerability (Microsoft Windows)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38687: ZDI-CAN-12213: Zero Day Initiative Vulnerability (SolarWinds Network Performance Monitor)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Network Performance Monitor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38689: ZDI-CAN-12441: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform, NGFW, or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: January 12, 2021

    38690: TCP: Microsoft Windows Defender ASPack Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Microsoft Windows Defender.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-1647
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: TCP (Generic)
      - Platform: Windows Client Application
      - Release Date: January 12, 2021

    38745: HTTP: SolarWinds Orion Platform Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit an authentication bypass vulnerability in SolarWinds Orion.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-10148
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: January 12, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    17165: Tunneling: DNS Tunneling Request (ATT&CK T1048)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: December 16, 2014
      - Last Modified Date: January 12, 2021

    34896: HTTP: LAquis SCADA LQS File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-1244)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "34896: ZDI-CAN-11029: Zero Day Initiative Vulnerability (Laquis SCADA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 16, 2020
      - Last Modified Date: January 12, 2021

    37048: HTTP: Arcserve D2D getNews XML External Entity Injection Vulnerability (ZDI-20-1397)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37048: ZDI-CAN-11103: Zero Day Initiative Vulnerability (CA ARCserve D2D)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: June 23, 2020
      - Last Modified Date: January 12, 2021

    37864: HTTP: Apple macOS AudioToolboxCore Wave Header Parsing Sign Extension Vulnerability (ZDI-20-1391)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37864: ZDI-CAN-11189: Zero Day Initiative Vulnerability (Apple macOS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: July 21, 2020
      - Last Modified Date: January 12, 2021

    38391: HTTP: Microsoft Excel XLS File Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38391: ZDI-CAN-12044: Zero Day Initiative Vulnerability (Microsoft Office Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: January 12, 2021

    38491: HTTP: Microsoft Word DOC File Parsing Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38491: ZDI-CAN-12184: Zero Day Initiative Vulnerability (Microsoft Word)".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 24, 2020
      - Last Modified Date: January 12, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    * 35638: HTTP: Webmin Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: July 09, 2019
      - Last Modified Date: January 12, 2021

    37916: HTTP: Plex set_local_app_data_path Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Release Date: July 28, 2020
      - Last Modified Date: January 12, 2021

    38267: HTTP: JBOSS Seam Framework Nuxeo ACL Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: October 27, 2020
      - Last Modified Date: January 12, 2021

    38380: HTTP: Oracle WebLogic Server Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: October 30, 2020
      - Last Modified Date: January 12, 2021

    38546: HTTP: WordPress Ultimate Member Role Parameter Supply Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38546: HTTP: WordPress Ultimate Member Role Parameter Supply Privilege Escalation Vulnerability".
      - Description updated.
      - Release Date: December 15, 2020
      - Last Modified Date: January 12, 2021

    * 38552: HTTP: WordPress Ultimate Member Profile Update Usage
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38552: HTTP: WordPress Ultimate Member Profile Update Privilege Escalation Vulnerability".
      - Severity changed from "Critical" to "Moderate".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: January 12, 2021

  Removed Filters: None
      
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000283945