Digital Vaccine #9532

    • Updated: 28 Apr 2021
    • Product/Version: TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9532      April 27, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.

SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9532.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9532.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 41
 Modified Filters (logic changes) - 14
 Modified Filters (metadata changes only) - 0
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38594: HTTP: Microsoft Windows Raw Image Extension File Parsing Type Confusion Vulnerability (ZDI-21-421)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Microsoft Windows.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-28468 CVSS 7.8
        - Zero Day Initiative: ZDI-21-421
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Client Application
      - Release Date: April 27, 2021

    38969: HTTPS: Amazon Web Services Amazon Comprehend DescribeDocumentClassificationJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeDocumentClassificationJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38970: HTTPS: Amazon Web Services Amazon Comprehend DescribeDocumentClassifier Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeDocumentClassifier request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38971: HTTPS: Amazon Web Services Amazon Comprehend DescribeDominantLanguageDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeDominantLanguageDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38972: HTTPS: Amazon Web Services Amazon Comprehend DescribeEndpoint Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeEndpoint request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38973: HTTPS: Amazon Web Services Amazon Comprehend DescribeEntitiesDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeEntitiesDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38974: HTTPS: Amazon Web Services Amazon Comprehend DescribeEntityRecognizer Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeEntityRecognizer request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38976: HTTPS: Amazon Web Services Amazon Comprehend DescribeEventsDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeEventsDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38977: HTTPS: Amazon Web Services Amazon Comprehend DescribeKeyPhrasesDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeKeyPhrasesDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38978: HTTPS: Amazon Web Services Amazon Comprehend DescribePiiEntitiesDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribePiiEntitiesDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    38979: HTTPS: Amazon Web Services Amazon Comprehend DescribeSentimentDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend DescribeSentimentDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    39580: HTTP: OpenEMR patient_report.php Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in OpenEMR.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25921 CVSS 3.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    39581: ZDI-CAN-12966: Zero Day Initiative Vulnerability (Advantech WebAccess)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Advantech WebAccess.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39582: HTTP: XStream Library CVE-2020-26259 Arbitrary File Deletion Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an arbitrary file deletion vulnerability in the XStream library.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-26259 CVSS 6.4
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    39584: ZDI-CAN-13382: Zero Day Initiative Vulnerability (AutoDesk Design Review)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39585: ZDI-CAN-13497: Zero Day Initiative Vulnerability (Microsoft Office)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Office.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39586: ZDI-CAN-13376: Zero Day Initiative Vulnerability (AutoDesk Design Review)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39587: ZDI-CAN-13398: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39589: ZDI-CAN-13481: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39591: ZDI-CAN-13508: Zero Day Initiative Vulnerability (Microsoft Excel)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Microsoft Excel.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Performance-Optimized (Disabled)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39592: ZDI-CAN-13471: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe Acrobat Pro DC.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39593: ZDI-CAN-12772: Zero Day Initiative Vulnerability (Schneider Electric IGSS)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Schneider Electric IGSS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39595: ZDI-CAN-13073: Zero Day Initiative Vulnerability (Delta Industrial Automation TPEditor)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation TPEditor.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39596: ZDI-CAN-13400: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39597: ZDI-CAN-13088: Zero Day Initiative Vulnerability (Adobe RoboHelp)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe RoboHelp.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39598: ZDI-CAN-13392: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39599: ZDI-CAN-13388: Zero Day Initiative Vulnerability (Fatek Automation FvDesigner)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Fatek Automation FvDesigner.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39600: ZDI-CAN-12877: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39601: ZDI-CAN-13373: Zero Day Initiative Vulnerability (AutoDesk Design Review)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting AutoDesk Design Review.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39602: ZDI-CAN-13077: Zero Day Initiative Vulnerability (Schneider Electric Struxureware)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Schneider Electric Struxureware.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39604: ZDI-CAN-12994: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39605: ZDI-CAN-12993: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39606: ZDI-CAN-13448,ZDI-CAN-13555: Zero Day Initiative Vulnerability (Adobe FrameMaker)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Adobe FrameMaker.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39607: ZDI-CAN-13401: Zero Day Initiative Vulnerability (Microsoft Word)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Microsoft Word.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39609: ZDI-CAN-13554: Zero Day Initiative Vulnerability (Schneider Electric IGSS)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: N/NX-Platform or TPS devices
      - Category: Exploits
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Schneider Electric IGSS.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39610: HTTP: Sysax MultiServer Cross-Site Scripting Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Sysax MultiServer.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13288
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

    39611: HTTP: Parameter DOM Parsing & Serialization Cross-Site Scripting 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to inject DOM parsing and serialization methods or properties inside an HTML parameter.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: April 27, 2021

    39612: HTTP: DrayTek Vigor Multiple Products Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in multiple DrayTek Vigor products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-10826
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: April 27, 2021

    39613: ZDI-CAN-12771: Zero Day Initiative Vulnerability (Trend Micro ServerProtect)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Trend Micro ServerProtect.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: April 27, 2021

    39614: HTTP: DrayTek Vigor Multiple Products Buffer Overflow Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in multiple DrayTek Vigor products.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-10827, CVE-2020-10828
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: April 27, 2021

    39615: HTTP: Centreon Monitoring Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Centreon.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-10946, CVE-2020-13627, CVE-2020-13628
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: April 27, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    38313: HTTP: Siemens Solid Edge Viewer PAR File Parsing Memory Corruption Vulnerability (ZDI-21-404)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38313: ZDI-CAN-11919: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: April 27, 2021

    38457: HTTP: Samsung Q60T TV Internet Browser Opcode Type-Confusion Vulnerability (Pwn2Own ZDI-21-407)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38457: PWN2OWN ZDI-CAN-12057: Zero Day Initiative Vulnerability (Samsung Q60T TV Internet Browser)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 10, 2020
      - Last Modified Date: April 27, 2021

    38536: HTTP: Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-367)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38536: ZDI-CAN-12490: Zero Day Initiative Vulnerability (Esri ArcReader)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 08, 2020
      - Last Modified Date: April 27, 2021

    38597: HTTP: Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-369)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38597: ZDI-CAN-12548: Zero Day Initiative Vulnerability (Esri ArcReader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: April 27, 2021

    38599: HTTP: Esri ArcReader PMF File Parsing Use-After-Free Vulnerability (ZDI-21-370)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38599: ZDI-CAN-12581: Zero Day Initiative Vulnerability (Esri ArcReader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: April 27, 2021

    38709: HTTP: Phoenix Contact Automationworx XML Stack-based Buffer Overflow Vulnerability (ZDI-21-398)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38709: ZDI-CAN-12244: Zero Day Initiative Vulnerability (Phoenix Contact Automationworx)".
      - Category changed from "Exploits" to "Vulnerabilities".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: April 27, 2021

    38720: HTTP: Adobe Bridge PDF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-416)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38720: ZDI-CAN-12539: Zero Day Initiative Vulnerability (Adobe Bridge)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: April 27, 2021

    38725: HTTP: Esri ArcReader PMF File Parsing Uninitialized Pointer Vulnerability (ZDI-21-372)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38725: ZDI-CAN-12596: Zero Day Initiative Vulnerability (Esri ArcReader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: April 27, 2021

    38727: HTTP: Siemens RobotExpert CELL File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-419)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38727: ZDI-CAN-12608: Zero Day Initiative Vulnerability (Siemens RobotExpert)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: April 27, 2021

    38728: HTTP: Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-371)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38728: ZDI-CAN-12612: Zero Day Initiative Vulnerability (Esri ArcReader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: April 27, 2021

    * 38937: HTTP: Microsoft Print 3D PLY File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-405)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38937: ZDI-CAN-12876: Zero Day Initiative Vulnerability (Microsoft Windows Paint 3D)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 23, 2021
      - Last Modified Date: April 27, 2021

    * 38939: HTTP: Microsoft 3D Builder PLY File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-406)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38939: ZDI-CAN-13047: Zero Day Initiative Vulnerability (Microsoft Windows 3D Builder)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 23, 2021
      - Last Modified Date: April 27, 2021

    39102: HTTP: Microsoft Excel XLS File Parsing Use-After-Free Vulnerability (ZDI-21-410)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39102: ZDI-CAN-12703: Zero Day Initiative Vulnerability (Microsoft Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 09, 2021
      - Last Modified Date: April 27, 2021

    39526: HTTP: Chromium V8 XOR Typer Mismatch Out-Of-Bounds Access Vulnerability (Pwn2Own ZDI-21-411)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39526: PWN2OWN ZDI-CAN-13569: Zero Day Initiative Vulnerability (Microsoft Edge, Google Chrome)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 08, 2021
      - Last Modified Date: April 27, 2021

  Modified Filters (metadata changes only): None
         
  Removed Filters: None
      
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000286410