Digital Vaccine #9504

    • Updated: 10 Feb 2021
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9504      February 9, 2020
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
Microsoft Security Bulletins
This DV includes coverage for the Microsoft vulnerabilities released on or before February 9, 2021. The following table maps TippingPoint filters to the Microsoft CVEs.
CVE             Filter  Status
CVE-2021-1639           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1698           Local/Not Network Visible
CVE-2021-1721           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1722           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1724           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1726           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1727           Local/Not Network Visible
CVE-2021-1728           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1730           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1731           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1732           Local/Not Network Visible
CVE-2021-1733           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-1734           Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24066          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24067          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24068          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24069          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24070          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24071          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24072  38859
CVE-2021-24073          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24074          Not Filterable
CVE-2021-24075          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24076          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24077          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24078  38853
CVE-2021-24079          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24080          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24081          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24082          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24083          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24084          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24085          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24086          Not Filterable
CVE-2021-24087          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24088          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24091          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24092          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24093          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24094          Not Filterable
CVE-2021-24096          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24098          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24099          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24100          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24101          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24102          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24103          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24105          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24106          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24109          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24111          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24112          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-24114          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-25195          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26700          Vendor Deemed Reproducibility or Exploitation Unlikely
CVE-2021-26701          Vendor Deemed Reproducibility or Exploitation Unlikely
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
Adobe Security Bulletins
This DV includes coverage for the Adobe vulnerabilities released on or before February 9, 2021. The following table maps TippingPoint filters to the Adobe CVEs.
Bulletin   CVE             Filter  Status
APSB21-09  CVE-2021-21017  38828
APSB21-09  CVE-2021-21021  38860
APSB21-09  CVE-2021-21028  38861
APSB21-09  CVE-2021-21033  38862
APSB21-09  CVE-2021-21034  38863
APSB21-09  CVE-2021-21035  38864
APSB21-09  CVE-2021-21036  38865
APSB21-09  CVE-2021-21037  38866
APSB21-09  CVE-2021-21038  38867
APSB21-09  CVE-2021-21039  38868
APSB21-09  CVE-2021-21040  38869
APSB21-09  CVE-2021-21041  38870
APSB21-09  CVE-2021-21042  38871
APSB21-09  CVE-2021-21043          Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-09  CVE-2021-21044  38872
APSB21-09  CVE-2021-21045          Vendor Deemed Reproducibility or Exploitation Unlikely
APSB21-09  CVE-2021-21046  38873
APSB21-09  CVE-2021-21057          Investigating
APSB21-09  CVE-2021-21058          Investigating
APSB21-09  CVE-2021-21059          Investigating
APSB21-09  CVE-2021-21060          Investigating
APSB21-09  CVE-2021-21061          Investigating
APSB21-09  CVE-2021-21062          Investigating
APSB21-09  CVE-2021-21063          Investigating
Filters marked with * shipped prior to this DV, providing zero-day protection.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9504.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9504.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 39
 Modified Filters (logic changes) - 27
 Modified Filters (metadata changes only) - 2
 Removed Filters - 1

Filters
----------------
  New Filters: 

    38004: HTTP: Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-094)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Schneider Electric IGSS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-7555 CVSS 7.8
        - Zero Day Initiative: ZDI-21-094
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38157: HTTP: Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write(ZDI-21-044)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Delta Industrial Automation CNCSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-27287 CVSS 6.8
        - Zero Day Initiative: ZDI-21-044
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: February 09, 2021

    38812: UDP: Bittorrent Node Information Detected
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a packet that contains node information for file downloads.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38813: TCP: Bittorrent Protocol Request Message Code Detected
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Request message for a file download.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Forbidden Application Access or Service Request
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38824: HTTP: OGNL Entity in POST Param
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the presence of an OGNL entity being passed in an HTTP POST parameter.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: February 09, 2021

    38828: HTTP: Adobe Acrobat Reader Heap Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21017
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38830: HTTP: WebNMS Framework Server FetchFile Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in WebNMS Framework Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2016-6601
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38831: HTTP: WebNMS Framework Server Sensitive File Access (ATT&CK T1552.001)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to access a sensitive installation file in WebNMS Framework Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2016-6602
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38832: HTTP: WebNMS Framework Server Root Session Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an attempt to generate a session for the root user in WebNMS Framework Server.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2016-6603
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38833: HTTP: SAP Solution Manager stopScript SOAP Request (ATT&CK T1070.004)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a stopScript SOAP request to SAP Solution Manager.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38834: HTTP: SAP Solution Manager deleteScript SOAP Request (ATT&CK T1070.004)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a deleteScript SOAP request to SAP Solution Manager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6207
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38835: HTTP: SAP Solution Manager setServerName SOAP Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a setServerName SOAP request to SAP Solution Manager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6207
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38836: HTTP: Kubernetes API Namespaces Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Kubernetes Namespaces API request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: February 09, 2021

    38837: HTTP: Kubernetes API Namespaces Status Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Kubernetes Namespaces Status API request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: February 09, 2021

    38838: HTTP: Kubernetes API Create Namespace Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Kubernetes create namespace API request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: February 09, 2021

    38839: HTTP: Kubernetes API Delete Namespace Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Kubernetes delete Namespace API request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: February 09, 2021

    38840: HTTP: Kubernetes API Update Namespace Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a Kubernetes update Namespace API request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: February 09, 2021

    38848: HTTP: SQL Injection (Error Based)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects the presence of suspicious SQL in an HTTP parameter.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38850: HTTP: SAP Solution Manager setAgeletProperties SOAP Request (ATT&CK T1105, T1570)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a setAgeletProperties SOAP request to SAP Solution Manager.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-6207
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: February 09, 2021

    38852: DNS: DNSmasq sort_rrset Out-Of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in DNSmasq.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-25681
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: DNS
      - Platform: UNIX/Linux Server Application or Service
      - Release Date: February 09, 2021

    38853: DNS: DNS Response with Unknown RR Type
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects a DNS response packet containing an answer record with an unknown RR type.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-24078
      - Classification: Security Policy - Other
      - Protocol: DNS
      - Platform: Windows Server Application or Service
      - Release Date: February 09, 2021

    38854: HTTP: Comtrend VR-3033 pingIpAddress Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Comtrend VR-3033.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-10173
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: February 09, 2021

    38859: HTTP: Microsoft SharePoint XML External Entity (XXE) Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an XML external entity vulnerability in Microsoft SharePoint.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-24072
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: February 09, 2021

    38860: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21021
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38861: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21028
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38862: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21033
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38863: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21034
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38864: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21035
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38865: HTTP: Adobe Acrobat Reader Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21036
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38866: HTTP: Adobe Acrobat Reader Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a memory corruption vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21037
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38867: HTTP: Adobe Acrobat Reader Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21038
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38868: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21039
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38869: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21040
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38870: HTTP: Adobe Acrobat Reader Use-After-Free Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a use-after-free vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21041
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38871: HTTP: Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds read vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21042
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38872: HTTP: Adobe Acrobat Reader Out-of-Bounds Write Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an out-of-bounds write vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21044
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38873: HTTP: Adobe Acrobat Reader Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Adobe Acrobat Reader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21046
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

    38874: HTTP: Microsoft Windows Embedded NTFS $I30 Attribute Request
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an HTTP request for an HTML file with an embedded hyperlink that contains an NTFS $I30 attribute.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: February 09, 2021

    38875: HTTP: Adobe Acrobat Reader AcroForm Embedded barcode Element
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an embedded barcode element inside an XFA PDF object.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21037
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: February 09, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    5674: HTTP: SQL Injection (Boolean Identity)
      - IPS Version: 1.0.0 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: November 16, 2007
      - Last Modified Date: February 09, 2021

    33692: HTTP: Microsoft SharePoint EntityInstanceIdEncoder Deserialization Vulnerability (ZDI-19-181)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "33692: HTTP: Microsoft SharePoint EntityInstanceIdEncoder Insecure Deserialization Vuln (ZDI-19-181)".
      - Description updated.
      - Detection logic updated.
      - Release Date: December 11, 2018
      - Last Modified Date: February 09, 2021

    37956: HTTP: Trend Micro ServerProtect splx_schedule_scan Denial-of-Service Vulnerability (ZDI-21-086)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37956: ZDI-CAN-11568: Zero Day Initiative Vulnerability (Trend Micro ServerProtect)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 11, 2020
      - Last Modified Date: February 09, 2021

    37957: HTTP: Trend Micro ServerProtect vsapiapp Denial-of-Service Vulnerability (ZDI-21-087)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37957: ZDI-CAN-11569: Zero Day Initiative Vulnerability (Trend Micro ServerProtect)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 11, 2020
      - Last Modified Date: February 09, 2021

    37998: HTTP: Schneider Electric IGSS CGF File Parsing Buffer Overflow Vulnerability (ZDI-21-092)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "37998: ZDI-CAN-11168: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38000: HTTP: Schneider Electric IGSS CGF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-124)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38000: ZDI-CAN-11268: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38001: HTTP: Schneider Electric IGSS CGF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-125)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38001: ZDI-CAN-11269: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38002: HTTP: Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-126)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38002: ZDI-CAN-11270: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38003: HTTP: Schneider Electric IGSS CGF File Parsing Buffer Overflow Vulnerability (ZDI-21-093)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38003: ZDI-CAN-11271: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38005: HTTP: Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-095)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38005: ZDI-CAN-11296: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38006: HTTP: Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-096)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38006: ZDI-CAN-11297: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38007: HTTP: Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-091)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38007: ZDI-CAN-11298: Zero Day Initiative Vulnerability (Schneider Electric IGSS)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38018: HTTP: Trend Micro Antivirus for Mac Denial-of-Service Vulnerability (ZDI-21-102)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38018: ZDI-CAN-11605: Zero Day Initiative Vulnerability (Trend Micro Antivirus for Mac)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38020: HTTP: Trend Micro OfficeScan Information Disclosure Vulnerability (ZDI-21-103)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38020: ZDI-CAN-11633: Zero Day Initiative Vulnerability (Trend Micro OfficeScan)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38021: HTTP: Trend Micro Apex One Information Disclosure Vulnerability (ZDI-21-107)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38021: ZDI-CAN-11638,11642: Zero Day Initiative Vulnerability (Trend Micro Apex One)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38022: HTTP: Trend Micro Apex One Information Disclosure Vulnerability (ZDI-21-105)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38022: ZDI-CAN-11639,11640: Zero Day Initiative Vulnerability (Trend Micro Apex One)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: August 18, 2020
      - Last Modified Date: February 09, 2021

    38053: HTTP: Microsoft Windows File Validation Spoofing Vulnerability
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Deployments updated and are now:
        - No Deployments.
      - Release Date: August 25, 2020
      - Last Modified Date: February 09, 2021

    38066: HTTP: Trend Micro OfficeScan Information Disclosure Vulnerability (ZDI-21-109,ZDI-21-110)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38066: ZDI-CAN-11635,11685: Zero Day Initiative Vulnerability (Trend Micro Multiple Products)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 01, 2020
      - Last Modified Date: February 09, 2021

    38097: HTTP: Trend Micro OfficeScan Information Disclosure Vulnerability (ZDI-21-113)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38097: ZDI-CAN-11737: Zero Day Initiative Vulnerability (Trend Micro OfficeScan)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 09, 2021

    38109: HTTP: Fuji Electric V-Server Lite VPR File Parsing Buffer Overflow Vulnerability (ZDI-21-097)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38109: ZDI-CAN-11170: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 09, 2021

    38110: HTTP: Apache Dubbo decodeBody Deserialization of Untrusted Data Vulnerability (ZDI-21-127,128)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38110: ZDI-CAN-11482, ZDI-CAN-11483: Zero Day Initiative Vulnerability (Apache Dubbo)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 09, 2021

    38119: HTTP: Fuji Electric V-Server Lite VPR File Parsing Uninitialized Pointer Vulnerability (ZDI-21-098)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38119: ZDI-CAN-11668: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 09, 2021

    38120: HTTP: Fuji Electric V-Server Lite VPR File Buffer Overflow Vulnerability (ZDI-21-099)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38120: ZDI-CAN-11669: Zero Day Initiative Vulnerability (Fuji Electric V-Server Lite)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 09, 2021

    38147: HTTP: Trend Micro Apex One Improper Information Disclosure Vulnerability (ZDI-21-116,ZDI-21-115)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38147: ZDI-CAN-11746,ZDI-CAN-11749: Zero Day Initiative Vulnerability (Trend Micro Apex One)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: September 22, 2020
      - Last Modified Date: February 09, 2021

    38312: HTTP: Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-074)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38312: ZDI-CAN-11918: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 09, 2021

    38314: HTTP: Siemens Solid Edge Viewer PAR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-075)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38314: ZDI-CAN-11920: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: February 09, 2021

    38388: HTTP: Siemens JT2Go SGI and RGB File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-060)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38388: ZDI-CAN-11992: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 17, 2020
      - Last Modified Date: February 09, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    34134: HTTP: WebNMS Framework Server Directory Traversal Vulnerability
      - IPS Version: 3.1.3 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: August 30, 2016
      - Last Modified Date: February 09, 2021

    36642: TCP: Oracle WebLogic Server T3 Protocol Deserialization (ZDI-20-128, ZDI-20-504, ZDI-20-570)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 19, 2019
      - Last Modified Date: February 09, 2021

  Removed Filters:

    38736: ZDI-CAN-12669: Zero Day Initiative Vulnerability (Schneider Electric IGSS)
      - IPS Version: 3.6.2 and after.
      - NGFW Version: 1.0.0 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Release Date: January 19, 2021
      
Category: Configure; Troubleshoot; Deploy
Solution Id: TP000285610