Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Digital Vaccine #9542

    • Updated:
    • 19 May 2021
    • Product/Version:
    • TippingPoint Digital Vaccine
    • Platform:
Summary
Digital Vaccine #9542      May 18, 2021
Details
Public
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs.

New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com.
 
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above,  and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
 
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9542.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9542.pkg

Update Details

Table of Contents
--------------------------

Filters
 New Filters - 48
 Modified Filters (logic changes) - 32
 Modified Filters (metadata changes only) - 2
 Removed Filters - 0

Filters
----------------
  New Filters: 

    38534: HTTP: Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-365)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Esri ArcReader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-29097 CVSS 7.8
        - Zero Day Initiative: ZDI-21-365
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: May 18, 2021

    38535: HTTP: Esri ArcReader PMF File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-366)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a buffer overflow vulnerability in Esri ArcReader.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-29097 CVSS 7.8
        - Zero Day Initiative: ZDI-21-366
      - Classification: Vulnerability - Buffer/Heap Overflow
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: May 18, 2021

    39033: HTTPS: Amazon Web Services Amazon Comprehend StopKeyPhrasesDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend StopKeyPhrasesDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39034: HTTPS: Amazon Web Services Amazon Comprehend StopPiiEntitiesDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend StopPiiEntitiesDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39035: HTTPS: Amazon Web Services Amazon Comprehend StopSentimentDetectionJob Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend StopSentimentDetectionJob request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39036: HTTPS: Amazon Web Services Amazon Comprehend StopTrainingDocumentClassifier Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend StopTrainingDocumentClassifier request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39037: HTTPS: Amazon Web Services Amazon Comprehend StopTrainingEntityRecognizer Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend StopTrainingEntityRecognizer request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39038: HTTPS: Amazon Web Services Amazon Comprehend TagResource Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend TagResource request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39039: HTTPS: Amazon Web Services Amazon Comprehend UntagResource Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend UntagResource request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39040: HTTPS: Amazon Web Services Amazon Comprehend UpdateEndpoint Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend UpdateEndpoint request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39041: HTTPS: Amazon Web Services Amazon Comprehend Host Header Detected
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend host header.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39049: HTTPS: Amazon Web Services Amazon Comprehend Medical DescribeEntitiesDetectionV2Job Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend Medical DescribeEntitiesDetectionV2Job request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39053: HTTPS: Amazon Web Services Amazon Comprehend Medical DetectEntities Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) Amazon Comprehend Medical DetectEntities request.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39660: HTTP: Oracle E-Business Suite iStore Personal Information Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Oracle E-Business Suite.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-2182 CVSS 5.8
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39674: HTTP: Netgate pfSense services_wol_edit.php Stored Cross-Site Scripting Vulnerability 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Netgate pfSense.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-27933 CVSS 4.3
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39684: HTTP: OpenEMR phpGACL edit_group.php SQL Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in OpenEMR.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13568 CVSS 6.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39690: HTTPS: Amazon Web Services us-east-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the US East (Northern Virginia) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39691: HTTPS: Amazon Web Services us-east-2 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the US East (Ohio) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39692: HTTPS: Amazon Web Services us-west-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the US East (N. California) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39693: HTTPS: Amazon Web Services us-west-2 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the US West (Oregon) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39694: HTTPS: Amazon Web Services ca-central-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Canada (Central) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39695: HTTPS: Amazon Web Services af-south-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Africa (Cape Town) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39696: HTTPS: Amazon Web Services ap-east-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Asia Pacific (Hong Kong) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39697: HTTPS: Amazon Web Services ap-south-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Asia Pacific (Mumbai) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39698: HTTPS: Amazon Web Services ap-northeast-3 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Asia Pacific (Osaka) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39699: HTTPS: Amazon Web Services ap-northeast-2 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Asia Pacific (Seoul) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39700: HTTPS: Amazon Web Services ap-southeast-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Asia Pacific (Singapore) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39701: HTTPS: Amazon Web Services ap-southeast-2 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Asia Pacific (Sydney) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39702: HTTPS: Amazon Web Services ap-northeast-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Asia Pacific (Tokyo) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39703: HTTPS: Amazon Web Services eu-central-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Europe (Frankfurt) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39704: HTTPS: Amazon Web Services eu-west-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Europe (Ireland) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39705: HTTPS: Amazon Web Services eu-west-2 management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Europe (London) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39706: HTTPS: Amazon Web Services eu-south-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Europe (Milan) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39707: HTTPS: Amazon Web Services eu-west-3 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Europe (Paris) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39708: HTTPS: Amazon Web Services eu-north-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Europe (Stockholm) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39709: HTTPS: Amazon Web Services me-south-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the Middle East (Bahrain) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39710: HTTPS: Amazon Web Services sa-east-1 Management Console Access Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects an Amazon Web Services (AWS) management console access request for the South America (Sao Paulo) Region.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39711: EtherNet/IP: Rockwell Automation RSLinx Ethernet IP SendUnitData Denial-of-Service Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Rockwell Automation RSLinx.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-13573 CVSS 5.0
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: TCP (Generic)
      - Platform: Windows Client Application
      - Release Date: May 18, 2021

    39712: HTTP: Alibaba Nacos URI Authentication Bypass Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This detects an attempt to exploit an authentication bypass vulnerability in Alibaba Nacos.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-29441
      - Classification: Vulnerability - Access Validation
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: May 18, 2021

    39713: HTTP: Alibaba Nacos Nacos-Server User-Agent Detected
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the presence of the Nacos-Server User-Agent.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-29441
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: May 18, 2021

    39716: HTTP: SAP NetWeaver Application Server Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in SAP NetWeaver Application Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2016-3976
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: May 18, 2021

    39717: HTTP: SAP NetWeaver Application Server Log Command Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a command execution vulnerability in SAP NetWeaver Application Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2018-2380
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: May 18, 2021

    39721: HTTP: Pulse Connect Secure Custom Template Upload
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects the upload of a custom template to Pulse Connect Secure.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2020-8243
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39722: ZDI-CAN-13453: Zero Day Initiative Vulnerability (SolarWinds Orion)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting SolarWinds Orion.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: May 18, 2021

    39725: TCP: NTLMSSP IRemUnknown2 Interface Negotiate Sign Not Set Authentication Request
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Security Policy
      - Severity: Moderate
      - Description: This filter detects an authenticated call contacting a RPC server without a sign flag set in a IRemUnknown2 interface.
      - Deployment: Not enabled by default in any deployment.
      - Classification: Security Policy - Other
      - Protocol: TCP (Generic)
      - Platform: Windows Client Application
      - Release Date: May 18, 2021

    39726: HTTP: XStream Library Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in the XStream library.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21344
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

    39732: HTTP: Microsoft IIS HTTP Protocol Stack Remote Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a code execution vulnerability in Microsoft IIS.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-31166
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Windows Server Application or Service
      - Release Date: May 18, 2021

    39733: HTTP: Nagios XI Switch Module Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Nagios XI.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-25297
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: May 18, 2021

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    38220: HTTP: Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-485)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38220: ZDI-CAN-11915: Zero Day Initiative Vulnerability (Siemens JT2Go)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: October 06, 2020
      - Last Modified Date: May 18, 2021

    38529: HTTP: Advantech WebAccess/HMI Designer PM3 Heap-based Buffer Overflow Vulnerability (ZDI-21-487)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38529: ZDI-CAN-12099: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 08, 2020
      - Last Modified Date: May 18, 2021

    38531: HTTP: Advantech WebAccess/HMI Designer PM3 Out-Of-Bounds Write Vulnerability (ZDI-21-488)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38531: ZDI-CAN-12272: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 08, 2020
      - Last Modified Date: May 18, 2021

    38572: HTTP: Siemens Solid Edge Viewer JT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-566)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38572: ZDI-CAN-12084: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: May 18, 2021

    38598: HTTP: Esri ArcReader PMF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-522)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38598: ZDI-CAN-12580: Zero Day Initiative Vulnerability (Esri ArcReader)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: December 15, 2020
      - Last Modified Date: May 18, 2021

    38686: HTTP: Microsoft Windows Raw Image Extension Out-Of-Bounds Write Vulnerability (ZDI-21-506)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38686: ZDI-CAN-12635: Zero Day Initiative Vulnerability (Microsoft Windows)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 12, 2021
      - Last Modified Date: May 18, 2021

    38703: HTTP: Cisco RV340 set_snmp usmUserAuthKey Command Injection Vulnerability (ZDI-21-558)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38703: ZDI-CAN-11797: Zero Day Initiative Vulnerability (Cisco RV340)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: May 18, 2021

    38704: HTTP: Cisco RV340 set_snmp usmUserPrivKey Command Injection Vulnerability (ZDI-21-559)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38704: ZDI-CAN-11798: Zero Day Initiative Vulnerability (Cisco RV340)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: May 18, 2021

    38705: HTTP: Cisco RV340 set_snmp usmUserEngineID Command Injection Vulnerability (ZDI-21-560)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38705: ZDI-CAN-11800: Zero Day Initiative Vulnerability (Cisco RV340)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: May 18, 2021

    38710: HTTP: Delta Industrial Automation DOPSoft Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-516)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38710: ZDI-CAN-12335: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: May 18, 2021

    38723: HTTP: Microsoft Excel XLS File Parsing Use-After-Free Vulnerability (ZDI-21-507)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38723: ZDI-CAN-12594: Zero Day Initiative Vulnerability (Microsoft Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: May 18, 2021

    38724: HTTP: Esri ArcReader PMF File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-523)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38724: ZDI-CAN-12595: Zero Day Initiative Vulnerability (Esri ArcReader)".
      - Category changed from "Vulnerabilities" to "Exploits".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: January 19, 2021
      - Last Modified Date: May 18, 2021

    * 38934: HTTP: Microsoft Windows Groove Music FLAC File Parsing Out-Of-Bounds Write Vulnerability(ZDI-21-572)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "38934: ZDI-CAN-12806: Zero Day Initiative Vulnerability (Microsoft Windows Groove Music)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: February 23, 2021
      - Last Modified Date: May 18, 2021

    39079: HTTP: Microsoft Excel XLS File Parsing Use-After-Free Vulnerability (ZDI-21-576)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39079: ZDI-CAN-12935: Zero Day Initiative Vulnerability (Microsoft Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 09, 2021
      - Last Modified Date: May 18, 2021

    39080: HTTP: Microsoft Excel XLS File Parsing Use-After-Free Vulnerability (ZDI-21-575)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39080: ZDI-CAN-12934: Zero Day Initiative Vulnerability (Microsoft Excel)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 09, 2021
      - Last Modified Date: May 18, 2021

    39095: HTTP: Foxit Reader Annotation Use-After-Free Vulnerability (ZDI-21-530)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39095: ZDI-CAN-13101: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 16, 2021
      - Last Modified Date: May 18, 2021

    39100: HTTP: Microsoft SharePoint Unsafe Deserialization Vulnerability (ZDI-21-573)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39100: ZDI-CAN-12948: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 09, 2021
      - Last Modified Date: May 18, 2021

    39271: HTTP: Microsoft Internet Explorer setExpression Memory Corruption Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: March 30, 2021
      - Last Modified Date: May 18, 2021

    39316: HTTP: Microsoft Windows Groove Music FLAC Out-Of-Bounds Write Vulnerability (ZDI-21-579)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39316: ZDI-CAN-13237: Zero Day Initiative Vulnerability (Microsoft Windows Groove Music)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 30, 2021
      - Last Modified Date: May 18, 2021

    39402: HTTP: Foxit Reader XFA Form Use-After-Free Vulnerability (ZDI-21-539)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39402: ZDI-CAN-13084: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39403: HTTP: Foxit Reader Annotation Use-After-Free Vulnerability (ZDI-21-540)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39403: ZDI-CAN-13089: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39473: HTTP: Foxit Reader XFA Template Use-After-Free Vulnerability (ZDI-21-549)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39473: ZDI-CAN-13096: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39484: HTTP: Foxit Reader XFA Form Use-After-Free Vulnerability (ZDI-21-548)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39484: ZDI-CAN-13162: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39485: HTTP: Foxit Reader Annotation Use-After-Free Vulnerability (ZDI-21-547)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39485: ZDI-CAN-13150: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39486: HTTP: Foxit Reader Annotation Use-After-Free Vulnerability (ZDI-21-546)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39486: ZDI-CAN-13147: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39487: HTTP: Foxit Reader Annotation Use-After-Free Vulnerability (ZDI-21-545)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39487: ZDI-CAN-13102: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39488: HTTP: Foxit Reader XFA Form Use-After-Free Vulnerability (ZDI-21-544)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39488: ZDI-CAN-13100: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39489: HTTP: Foxit Reader XFA leadDigits Heap-based Buffer Overflow Vulnerability (ZDI-21-543)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39489: ZDI-CAN-13095: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    39490: HTTP: Foxit Reader XFA relayout Use-After-Free Vulnerability (ZDI-21-542)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39490: ZDI-CAN-13092: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 06, 2021
      - Last Modified Date: May 18, 2021

    * 39585: HTTP: Microsoft Office Graph Use-After-Free Vulnerability (ZDI-21-580)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39585: ZDI-CAN-13497: Zero Day Initiative Vulnerability (Microsoft Office)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: April 27, 2021
      - Last Modified Date: May 18, 2021

    39652: HTTP: Foxit Reader browseForDoc Out-Of-Bounds Write Vulnerability (ZDI-21-561)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39652: ZDI-CAN-13523: Zero Day Initiative Vulnerability (Foxit Reader)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: May 04, 2021
      - Last Modified Date: May 18, 2021

    * 39687: HTTP: Microsoft Exchange Server Insecure Deserialization Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Deployments updated and are now:
        - Deployment: Default (Block / Notify)
        - Deployment: Performance-Optimized (Disabled)
      - Release Date: May 11, 2021
      - Last Modified Date: May 18, 2021

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    38373: HTTP: Dasan GPON Home Router Command Injection Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: November 03, 2020
      - Last Modified Date: May 18, 2021

    39098: HTTP: Microsoft SharePoint XML Code Execution Vulnerability (ZDI-21-574)
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Name changed from "39098: ZDI-CAN-12949: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: May 11, 2021
      - Last Modified Date: May 18, 2021

  Removed Filters: None
      
Top of the Page
Premium
Internal
Partner
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000286565
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.