Release notes for update package 1706-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:     Thursday March 21, 2024
MD5 CHECKSUM:     6989c30957a63e6c675f6308660a64a9
SHA1 CHECKSUM:     aa055881d3914fb662c06b9bc08046d01eab7626
SHA256 CHECKSUM:     231c06faae29e2abc9025d9c508185b83a66a970e8264bfa640262af6d3b702c

UPDATE CRITICALITY:    HIGH
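
A downloaded copy of the package should be checked against the digests published above before it is applied, and refused if any of them differs. The following script is an added example, not Forcepoint tooling: it streams the file once through all three hash algorithms, compares each result in constant time with the published value, and exits non-zero on any mismatch. The package file name given on the command line is an assumption; the digests in EXPECTED are the ones listed above. Note that a matching digest only proves the file is the one these notes describe; it does not authenticate the notes themselves, so fetch them from the vendor site over TLS.

```python
"""Verify an update package against the MD5, SHA1 and SHA256 digests
published in its release notes. Added example; the file name passed on the
command line is an assumption."""
import hashlib
import hmac
import sys

# Digests published above for update package 1706-5242.
EXPECTED = {
    "md5": "6989c30957a63e6c675f6308660a64a9",
    "sha1": "aa055881d3914fb662c06b9bc08046d01eab7626",
    "sha256": "231c06faae29e2abc9025d9c508185b83a66a970e8264bfa640262af6d3b702c",
}


def digests(data: bytes) -> dict:
    """Compute all three digests of an in-memory byte string."""
    # hashlib.new("md5") is unavailable on FIPS-only builds; SHA-256 alone
    # is still a sufficient check there.
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream the file through all three hash objects at once so that a
    large package is read from disk only one time."""
    hashers = {name: hashlib.new(name) for name in EXPECTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, expected: dict = EXPECTED) -> list:
    """Return the names of every algorithm whose digest differs.

    compare_digest keeps the comparison time independent of where the first
    differing character sits. Every published algorithm is checked even
    though SHA-256 is the only one strong enough to rely on by itself: a
    file that matches SHA-256 but not MD5 means the notes page or the
    transcription is wrong, which is worth investigating before installing.
    """
    bad = []
    for name, want in expected.items():
        got = actual.get(name, "")
        if not hmac.compare_digest(got.lower().encode(), want.lower().encode()):
            bad.append(name)
    return bad


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <update-package-file>", file=sys.stderr)
        return 2
    bad = mismatches(digests_of_file(argv[1]))
    if bad:
        print("DO NOT INSTALL: digest mismatch for " + ", ".join(bad))
        return 1
    print("all published digests match")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 verify_package.py <downloaded-file>`; a non-zero exit is the signal to discard the download and fetch it again.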

List of detected attacks in this update package:

Risk level | Description | Reference | Vulnerability
High | An attempt to exploit a vulnerability in SolarWinds Security Event Manager detected | CVE-2024-0692 | Solarwinds-Security-Event-Manager-Amf-Insecure-Deserialization
High | An attempt to exploit a vulnerability in Joomla CMS detected | CVE-2024-21726 | Joomla-CMS-CleanTags-Reflected-Cross-Site-Scripting
High | An attempt to exploit a vulnerability in XWiki.org XWiki detected | CVE-2024-21650 | Xwiki.org-Xwiki-Registrationconfig-Code-Injection
High | An attempt to exploit a vulnerability in XWiki.org XWiki detected | CVE-2024-21650 | Xwiki.org-Xwiki-Registrationconfig-Code-Injection
High | An attempt to exploit a vulnerability in Allegra Allegra detected | CVE-2023-22361 | Allegra-Ganttandschexportaction-Directory-Traversal
High | An attempt to exploit a vulnerability in pgAdmin detected | CVE-2024-2044 | Pgadmin-Pga4_session-Directory-Traversal


DETECTED ATTACKS

New detected attacks:

HTTP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Solarwinds-Security-Event-Manager-Amf-Insecure-Deserialization | CVE-2024-0692 | HTTP_CS-Solarwinds-Security-Event-Manager-Amf-Insecure-Deserialization | Suspected Compromise
High | Joomla-CMS-CleanTags-Reflected-Cross-Site-Scripting | CVE-2024-21726 | HTTP_CS-Joomla-CMS-CleanTags-Reflected-Cross-Site-Scripting | Suspected Compromise

HTTP Request Header Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Pgadmin-Pga4_session-Directory-Traversal | CVE-2024-2044 | HTTP_CSH-Pgadmin-Pga4_session-Directory-Traversal | Suspected Compromise

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type
High | Xwiki.org-Xwiki-Registrationconfig-Code-Injection | CVE-2024-21650 | HTTP_CRL-Xwiki.org-Xwiki-Registrationconfig-Code-Injection | Potential Compromise
High | Xwiki.org-Xwiki-Registrationconfig-Code-Injection | CVE-2024-21650 | HTTP_CRL-Xwiki.org-Xwiki-Registrationconfig-Code-Injection-Suspected-Compromise | Suspected Compromise
High | Allegra-Ganttandschexportaction-Directory-Traversal | CVE-2023-22361 | HTTP_CRL-Allegra-Ganttandschexportaction-Directory-Traversal | Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955 | CVE-2023-24955 | HTTP_CS-Microsoft-Sharepoint-Server-Generateproxyassembly-Code-Injection-CVE-2023-24955 | Suspected Compromise | Detection mechanism updated

TCP Client Stream Unknown

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Microsoft-Windows-DHCP-Server-Failover-Remote-Code-Execution | CVE-2019-0785 | Generic_CS-Microsoft-Windows-DHCP-Server-Failover-Remote-Code-Execution | Suspected Compromise | Detection mechanism updated
High | Microsoft-Windows-DHCP-Server-Failover-CVE-2023-38162-Denial-Of-Service | CVE-2023-38162 | Generic_CS-Microsoft-Windows-DHCP-Server-Failover-CVE-2023-38162-Denial-Of-Service | Suspected Compromise | Detection mechanism updated

HTTP Request URI

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Tidserv-Bot | No CVE/CAN | HTTP_CSU-Tidserv-Bot-Traffic | Botnet | Detection mechanism updated

HTTP Request Header Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Wordpress-WP-Fastest-Cache-Plugin-SQL-Injection-CVE-2023-6063 | CVE-2023-6063 | HTTP_CSH-Wordpress-WP-Fastest-Cache-Plugin-SQL-Injection-CVE-2023-6063 | Suspected Compromise | Fingerprint regexp changed

HTTP Normalized Request-Line

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
Low | HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access | CVE-2006-4511 | HTTP_CRL-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access | Potential Denial of Service | Fingerprint regexp changed
High | Cisco-Unified-Communications-Manager-Multiple-SQL-Injections | CVE-2011-1610 | HTTP_CRL-Cisco-Unified-Communications-Manager-Multiple-SQL-Injections | Suspected Compromise | Fingerprint regexp changed
High | Php-Htmlspecialchars-Htmlentities-Buffer-Overflow | No CVE/CAN | HTTP_CRL-Php-Htmlspecialchars-Htmlentities-Buffer-Overflow | Suspected Compromise | Fingerprint regexp changed
High | Known-APT-Traffic | No CVE/CAN | HTTP_CRL-Suspected-APT-Traffic-Pattern | Suspected Compromise | Fingerprint regexp changed

Other Binary File Stream

Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description
High | Oracle-E-Business-Suite-Work-In-Process-SQL-Injection | CVE-2019-2633 | File-Binary_Oracle-E-Business-Suite-Work-In-Process-SQL-Injection | Suspected Compromise | Fingerprint regexp changed
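
The tables above are what an operator cross-references against the applications actually deployed behind the firewall (for example, a site running pgAdmin or XWiki wants the fingerprint names for those CVEs so it can confirm the situations are enabled in its inspection policy, and a site with existing alerts on a fingerprint wants to know that its regexp changed). The following added example, which is not Forcepoint tooling, pulls those records out of the release-notes text; parse_rows, fingerprints_for and changed_rows are hypothetical helper names, and SAMPLE holds a handful of rows copied from the tables on this page, in both the pipe-separated and the plain whitespace-separated form.

```python
"""Extract (risk, situation, CVE, fingerprint, situation type, change) records
from the detected-attacks tables of a Forcepoint update-package release note.
Added example; the helper names are hypothetical."""
import re
from typing import Iterable

# Rows copied from the tables on this page, used here as sample input.
SAMPLE = """\
High | Solarwinds-Security-Event-Manager-Amf-Insecure-Deserialization | CVE-2024-0692 | HTTP_CS-Solarwinds-Security-Event-Manager-Amf-Insecure-Deserialization | Suspected Compromise
High | Xwiki.org-Xwiki-Registrationconfig-Code-Injection | CVE-2024-21650 | HTTP_CRL-Xwiki.org-Xwiki-Registrationconfig-Code-Injection | Potential Compromise
High | Xwiki.org-Xwiki-Registrationconfig-Code-Injection | CVE-2024-21650 | HTTP_CRL-Xwiki.org-Xwiki-Registrationconfig-Code-Injection-Suspected-Compromise | Suspected Compromise
High | Tidserv-Bot | No CVE/CAN | HTTP_CSU-Tidserv-Bot-Traffic | Botnet | Detection mechanism updated
Low | HTTP-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access | CVE-2006-4511 | HTTP_CRL-Novell-Groupwise-Messenger-HTTP-POST-Request-Invalid-Memory-Access | Potential Denial of Service | Fingerprint regexp changed
High Allegra-Ganttandschexportaction-Directory-Traversal CVE-2023-22361 HTTP_CRL-Allegra-Ganttandschexportaction-Directory-Traversal Suspected Compromise
"""

# One table row. Situation and fingerprint names never contain spaces, the
# reference is either a CVE id or the literal "No CVE/CAN", and whatever
# follows the fingerprint is the situation type plus an optional change
# description. The optional "|" lets the same pattern read both layouts.
ROW = re.compile(
    r"^(?P<risk>Critical|High|Medium|Low)\s*\|?\s+"
    r"(?P<situation>\S+)\s*\|?\s+"
    r"(?P<ref>CVE-\d{4}-\d{4,}|No CVE/CAN)\s*\|?\s+"
    r"(?P<fingerprint>\S+)\s*\|?\s+"
    r"(?P<rest>.+?)\s*$"
)


def parse_rows(text: str) -> list:
    """Return one dict per table row; headers and section titles are skipped
    because they do not match the row pattern."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rest = [p.strip() for p in m.group("rest").split("|")]
        ref = m.group("ref")
        rows.append({
            "risk": m.group("risk"),
            "situation": m.group("situation"),
            "cve": ref if ref.startswith("CVE-") else None,
            "fingerprint": m.group("fingerprint"),
            "situation_type": rest[0],
            "change": rest[1] if len(rest) > 1 else "",
        })
    return rows


def fingerprints_for(rows: list, cves: Iterable[str]) -> dict:
    """Map each CVE of interest to every fingerprint that references it.
    A CVE may map to several fingerprints (XWiki above has two)."""
    wanted = set(cves)
    out = {c: [] for c in wanted}
    for r in rows:
        if r["cve"] in wanted:
            out[r["cve"]].append(r["fingerprint"])
    return out


def changed_rows(rows: list) -> list:
    """Rows from the 'Updated detected attacks' tables, i.e. fingerprints
    whose behaviour may change for traffic that was already being inspected."""
    return [r for r in rows if r["change"]]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    for cve, fps in fingerprints_for(rows, ["CVE-2024-21650", "CVE-2024-0692"]).items():
        print(cve, "->", ", ".join(fps))
    for r in changed_rows(rows):
        print("changed:", r["fingerprint"], "(" + r["change"] + ")")
```

Feed it the whole release-notes text rather than SAMPLE to get every row; the summary table near the top of the page has a different column layout and is intentionally not matched.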

LIST OF OTHER CHANGES:

New objects:

Type      Name
Category  SolarWinds Security Event Manager

Updated objects:

Type      Name                          Changes
Situation URL_List-DNS-Over-HTTPS
    Detection mechanism updated
IPList Rwanda
IPList Somalia
IPList Yemen
IPList Iraq
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Tanzania
IPList Syria
IPList Armenia
IPList Kenya
IPList DR Congo
IPList Djibouti
IPList Uganda
IPList Central African Republic
IPList Seychelles
IPList Jordan
IPList Lebanon
IPList Kuwait
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Türkiye
IPList Ethiopia
IPList Eritrea
IPList Egypt
IPList Sudan
IPList Greece
IPList Burundi
IPList Estonia
IPList Latvia
IPList Azerbaijan
IPList Lithuania
IPList Svalbard and Jan Mayen
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Åland Islands
IPList Ukraine
IPList North Macedonia
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Kosovo
IPList Zimbabwe
IPList Zambia
IPList Comoros
IPList Malawi
IPList Lesotho
IPList Botswana
IPList Mauritius
IPList Eswatini
IPList South Africa
IPList Mozambique
IPList Madagascar
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Turkmenistan
IPList Tajikistan
IPList Sri Lanka
IPList Bhutan
IPList India
IPList Maldives
IPList British Indian Ocean Territory
IPList Nepal
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Kyrgyzstan
IPList Cocos (Keeling) Islands
IPList Palau
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Brunei
IPList Macao
IPList Cambodia
IPList South Korea
IPList Japan
IPList North Korea
IPList Singapore
IPList Timor-Leste
IPList Russia
IPList Mongolia
IPList Australia
IPList Christmas Island
IPList New Zealand
IPList Libya
IPList Cameroon
IPList Senegal
IPList Congo Republic
IPList Portugal
IPList Liberia
IPList Ivory Coast
IPList Ghana
IPList Equatorial Guinea
IPList Nigeria
IPList Burkina Faso
IPList Togo
IPList Guinea-Bissau
IPList Mauritania
IPList Benin
IPList Gabon
IPList Sierra Leone
IPList São Tomé and Príncipe
IPList Gibraltar
IPList Guinea
IPList Chad
IPList Niger
IPList Tunisia
IPList Spain
IPList Morocco
IPList Malta
IPList Algeria
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList The Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList Monaco
IPList France
IPList Andorra
IPList Liechtenstein
IPList Isle of Man
IPList Guernsey
IPList Slovakia
IPList Czechia
IPList Norway
IPList Vatican City
IPList San Marino
IPList Italy
IPList Slovenia
IPList Montenegro
IPList Croatia
IPList Bosnia and Herzegovina
IPList Angola
IPList Namibia
IPList Saint Helena
IPList Cabo Verde
IPList Paraguay
IPList Uruguay
IPList Brazil
IPList Dominican Republic
IPList Cuba
IPList Martinique
IPList Bahamas
IPList Trinidad and Tobago
IPList St Kitts and Nevis
IPList Saint Lucia
IPList Turks and Caicos Islands
IPList Aruba
IPList Belize
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Costa Rica
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Argentina
IPList Chile
IPList Peru
IPList Mexico
IPList Northern Mariana Islands
IPList Guam
IPList U.S. Virgin Islands
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Antarctica
IPList Curaçao
IPList South Sudan
IPList TOR exit nodes IP Address List
IPList Microsoft Azure datacenter for australiaeast
IPList Microsoft Azure datacenter for australiasoutheast
IPList Microsoft Azure datacenter for brazilsouth
IPList Microsoft Azure datacenter for canadacentral
IPList TOR relay nodes IP Address List
IPList Microsoft Azure datacenter for canadaeast
IPList Microsoft Azure datacenter for centralindia
IPList Microsoft Azure datacenter for centraluseuap
IPList Microsoft Azure datacenter for centralus
IPList Microsoft Azure datacenter for eastus2
IPList Microsoft Azure datacenter for eastus
IPList Microsoft Azure datacenter for centralfrance
IPList Microsoft Azure datacenter for southfrance
IPList Microsoft Azure datacenter for japaneast
IPList Microsoft Azure datacenter for japanwest
IPList Microsoft Azure datacenter for koreacentral
IPList Microsoft Azure datacenter for koreasouth
IPList Microsoft Azure datacenter for northcentralus
IPList Microsoft Azure datacenter for northeurope
IPList Microsoft Azure datacenter for southcentralus
IPList Microsoft Azure datacenter for southindia
IPList Microsoft Azure datacenter for southeastasia
IPList Microsoft Azure datacenter for uksouth
IPList Microsoft Azure datacenter for ukwest
IPList Microsoft Azure datacenter for westcentralus
IPList Microsoft Azure datacenter for westeurope
IPList Microsoft Azure datacenter for westindia
IPList Microsoft Azure datacenter for westus2
IPList Microsoft Azure datacenter for westus
IPList Microsoft Azure datacenter
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList NordVPN Servers IP Address List
IPList Microsoft Azure datacenter for brazilse
IPList Microsoft Azure datacenter for germanywc
IPList Microsoft Azure datacenter for norwaye
IPList Microsoft Azure datacenter for norwayw
IPList Microsoft Azure datacenter for southafricanorth
IPList Microsoft Azure datacenter for southafricawest
IPList Microsoft Azure datacenter for switzerlandn
IPList Microsoft Azure datacenter for switzerlandw
IPList Microsoft Azure datacenter for uaecentral
IPList Microsoft Azure datacenter for uaenorth
IPList Microsoft Azure service for AzureCloud
IPList Microsoft Azure service for AzureMonitor
IPList Microsoft Azure service for AzureTrafficManager
IPList Microsoft Azure service for Sql
IPList Microsoft Azure service for WindowsVirtualDesktop
IPList Microsoft Azure datacenter for swedencentral
IPList Microsoft Azure datacenter for swedensouth
IPList Microsoft Azure datacenter for westus3
IPList Microsoft Azure datacenter for israelcentral
IPList Microsoft Azure datacenter for mexicocentral
IPList Microsoft Azure datacenter for polandcentral
Situation File-Text_Laquis-Scada-LGX-Report-File-Parsing-Out-of-Bounds-Write
    Description has changed
    Category tag situation Obsolete added
    Category tag os Any Operating System removed
    Category tag hardware Any Hardware removed
    Category tag application LAquis SCADA removed
    Category tag group CVE2018 removed
    Category tag os_not_specific Any Operating System not specific removed
    Category tag situation Suspected Compromise removed
    Category tag group Severity over 4 Correlation Dependency Group removed
Situation File-Text_Shared-Variables
    Fingerprint regexp changed
Application Scribd
Application Live365
Application Acrobat.com
Application F-Prot-AntiVirus-Update-Service
Application Adobe-Connect
Application Geotrust-OCSP
Application Xxxoh
Application Adobe-Creative-Cloud
Application Adobe-EchoSign
Application Google-Url-Shortener
Application TOR
Application DNS-Over-HTTPS
Application Apple-FaceTime
Application NordVPN
Application Adobe-Systems

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.