Release notes for update package 1774-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:       Monday September 09, 2024
MD5 CHECKSUM:       345159faffe2c5bf718d6425853ee544
SHA1 CHECKSUM:      a0da26dc340b360aed4ad8b18bfe78b36fc10b3e
SHA256 CHECKSUM:    3ab9478c6a1e47e16e6f0a3748e91503d3d2592a844d24d1cdd05bb513723b0c

UPDATE CRITICALITY: HIGH

List of detected attacks in this update package:

| Risk level | Description | Reference | Vulnerability |
|---|---|---|---|
| High | An attempt to exploit a vulnerability in Apache OFBiz detected | CVE-2024-45195 | Apache-Ofbiz-Unauthenticated-Endpoint-Code-Execution-CVE-2024-45195 |
| High | An attempt to exploit a vulnerability in Progress Software WhatsUp Gold detected | CVE-2024-5016 | Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016 |
| High | An attempt to exploit a vulnerability in Progress Software WhatsUp Gold detected | CVE-2024-5016 | Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016 |
| High | An attempt to exploit a vulnerability in pgAdmin detected | CVE-2024-3116 | Pgadmin-Binary-Path-API-RCE |
| High | An attempt to exploit a vulnerability in ThinkPHP detected | CVE-2022-47945 | ThinkPHP-Local-File-Inclusion-CVE-2022-47945 |
| High | An attempt to exploit a vulnerability in ThinkPHP detected | CVE-2022-47945 | ThinkPHP-Local-File-Inclusion-CVE-2022-47945 |
| High | An attempt to exploit a vulnerability in Microsoft Excel detected | CVE-2018-8382 | Microsoft-Excel-Note-Record-Information-Disclosure-CVE-2018-8382 |
| High | An attempt to exploit a vulnerability in Microsoft Excel detected | CVE-2018-8246 | Microsoft-Excel-Parsed-Expression-Information-Disclosure-CVE-2018-8246 |
| High | An attempt to exploit a vulnerability in Haihaisoft Universal Player detected | CVE-2009-4219 | Haihaisoft-Universal-Player-Stack-Based-Buffer-Overflow |
| High | A request containing a suspicious JSON object detected | No CVE/CAN | Suspicious-JSON-Object-With-Unnecessarily-Escaped-Characters |
| Low | search-ms or search URI scheme detected | No CVE/CAN | MS-Search-URI-Scheme |

DETECTED ATTACKS

New detected attacks:

HTTP Request URI

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | ThinkPHP-Local-File-Inclusion-CVE-2022-47945 | CVE-2022-47945 | HTTP_CSU-ThinkPHP-Local-File-Inclusion-CVE-2022-47945 | Suspected Compromise |
| High | Apache-Ofbiz-Unauthenticated-Endpoint-Code-Execution-CVE-2024-45195 | CVE-2024-45195 | HTTP_CRL-Potential-Apache-Ofbiz-Unauthenticated-Endpoint-Code-Execution-CVE-2024-45195 | Potential Compromise |

HTTP Request Header Line

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | ThinkPHP-Local-File-Inclusion-CVE-2022-47945 | CVE-2022-47945 | HTTP_CSH-ThinkPHP-Local-File-Inclusion-CVE-2022-47945 | Suspected Compromise |

HTTP Normalized Request-Line

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Pgadmin-Binary-Path-API-RCE | CVE-2024-3116 | HTTP_CRL-Pgadmin-Binary-Path-API-RCE | Suspected Compromise |

Text File Stream

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| Low | MS-Search-URI-Scheme | No CVE/CAN | File-Text_MS-Search-URI-Scheme-Link-In-HTML | Possibly Unwanted Content |
| High | Haihaisoft-Universal-Player-Stack-Based-Buffer-Overflow | CVE-2009-4219 | File-Text_Haihaisoft-Universal-Player-Stack-Based-Buffer-Overflow | Suspected Compromise |
| High | Suspicious-JSON-Object-With-Unnecessarily-Escaped-Characters | No CVE/CAN | File-Text_Suspicious-JSON-Object-With-Unnecessarily-Escaped-Characters | Potential Compromise |

OLE File Stream

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Microsoft-Excel-Note-Record-Information-Disclosure-CVE-2018-8382 | CVE-2018-8382 | File-OLE_Microsoft-Excel-Note-Record-Information-Disclosure-CVE-2018-8382 | Potential Compromise |
| High | Microsoft-Excel-Parsed-Expression-Information-Disclosure-CVE-2018-8246 | CVE-2018-8246 | File-OLE_Microsoft-Excel-Parsed-Expression-Information-Disclosure-CVE-2018-8246 | Potential Compromise |

WebSocket Client Stream

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016 | CVE-2024-5016 | WebSocket_CS-Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016 | Suspected Compromise |

WebSocket Server Stream

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type |
|---|---|---|---|---|
| High | Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016 | CVE-2024-5016 | WebSocket_SS-Progress-WhatsUp-Gold-Onmessage-Insecure-Deserialization-CVE-2024-5016 | Suspected Compromise |

Updated detected attacks:

HTTP Client Stream

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description |
|---|---|---|---|---|---|
| High | Check-Point-Security-Gateway-Information-Disclosure-CVE-2024-24919 | CVE-2024-24919 | HTTP_CS-Check-Point-Security-Gateway-Information-Disclosure-CVE-2024-24919 | Suspected Compromise | Fingerprint regexp changed |
| High | Sonatype-Nexus-Repository-Manager-Webresourceservice-Directory-Traversal | CVE-2024-4956 | HTTP_CS-Sonatype-Nexus-Repository-Manager-Webresourceservice-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed |

HTTP Request URI

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description |
|---|---|---|---|---|---|
| High | TP-Link-Local-File-Disclosure-CVE-2015-3035 | CVE-2015-3035 | HTTP_CSU-TP-Link-Local-File-Disclosure-CVE-2015-3035 | Suspected Disclosure | Fingerprint regexp changed |
| High | SysAid-On-Premise-Directory-Traversal-CVE-2023-47246 | CVE-2023-47246 | HTTP_CSU-SysAid-On-Premise-Directory-Traversal-CVE-2023-47246 | Suspected Compromise | Fingerprint regexp changed |
| High | Qlik-Sense-Path-Traversal-CVE-2023-41266 | CVE-2023-41266 | HTTP_CSU-Qlik-Sense-Path-Traversal-CVE-2023-41266 | Suspected Compromise | Fingerprint regexp changed |
| High | LG-LED-Assistant-Upload-Directory-Traversal | No CVE/CAN | HTTP_CSU-LG-LED-Assistant-Upload-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed |
| High | SAP-Netweaver-File-Upload-Vulnerability-CVE-2021-38163 | CVE-2021-38163 | HTTP_CSU-SAP-Netweaver-File-Upload-Vulnerability-CVE-2021-38163 | Suspected Compromise | Fingerprint regexp changed |
| High | Ivanti-Connect-Secure-Authentication-Bypass-CVE-2023-46805 | CVE-2023-46805 | HTTP_CSU-Ivanti-Connect-Secure-Authentication-Bypass-CVE-2023-46805 | Suspected Compromise | Fingerprint regexp changed |
| High | LG-LED-Assistant-Updatefile-Directory-Traversal | No CVE/CAN | HTTP_CSU-LG-LED-Assistant-Updatefile-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed |
| High | JetBrains-TeamCity-Path-Traversal-CVE-2024-27199 | CVE-2024-27199 | HTTP_CSU-JetBrains-TeamCity-Path-Traversal-CVE-2024-27199 | Suspected Compromise | Fingerprint regexp changed |
| High | Aiohttp-Directory-Traversal-CVE-2024-23334 | CVE-2024-23334 | HTTP_CSU-Aiohttp-Directory-Traversal-CVE-2024-23334 | Suspected Compromise | Fingerprint regexp changed |
| High | Treasure-Data-Digdag-Getfile-Directory-Traversal | CVE-2024-25125 | HTTP_CSU-Treasure-Data-Digdag-Getfile-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed |
| High | Apache-Ofbiz-Forgot-Password-Directory-Traversal | CVE-2024-32113 | HTTP_CSU-Apache-Ofbiz-Forgot-Password-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed |
| High | Common-Command-Injection-String | No CVE/CAN | HTTP_CSU-Common-Command-Injection-String-2 | Potential Compromise | Fingerprint regexp changed |

HTTP Normalized Request-Line

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description |
|---|---|---|---|---|---|
| High | Stagil-Navigation-For-JIRA-Path-Traversal-Vulnerabilities | CVE-2023-26255 | HTTP_CRL-Stagil-Navigation-For-JIRA-Path-Traversal-Vulnerabilities | Suspected Compromise | Fingerprint regexp changed |
| High | Ivanti-Avalanche-Path-Traversal-CVE-2023-41474 | CVE-2023-41474 | HTTP_CRL-Ivanti-Avalanche-Path-Traversal-CVE-2023-41474 | Suspected Compromise | Fingerprint regexp changed |
| High | LG-LED-Assistant-Setthumbnailrc-Directory-Traversal | No CVE/CAN | HTTP_CRL-LG-LED-Assistant-Setthumbnailrc-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed |
| High | Ivanti-Avalanche-Getadhocfilepath-Directory-Traversal | CVE-2024-24992 | HTTP_CRL-Ivanti-Avalanche-Getadhocfilepath-Directory-Traversal | Suspected Compromise | Fingerprint regexp changed |
| High | Nagios-XI-Command_test.php-Command-Injection | No CVE/CAN | HTTP_CRL-Nagios-XI-Command_test.php-Command-Injection | Suspected Compromise | Fingerprint regexp changed |

Text File Stream

| Risk | Vulnerability/Situation | References | Related Fingerprint | Situation Type | Change Description |
|---|---|---|---|---|---|
| High | MS-Search-URI-Scheme | No CVE/CAN | File-Text_Suspicious-MS-Search-URI-Scheme-Link-In-HTML | Potential Compromise | Fingerprint regexp changed |
| High | Microsoft-VBScript-Scripting-Engine-CVE-2014-6363 | CVE-2014-6363 | File-Text_Microsoft-VBScript-Scripting-Engine-CVE-2014-6363 | Potential Compromise | Detection mechanism updated |

LIST OF OTHER CHANGES:

New objects:

| Type | Name |
|---|---|
| Category | Haihaisoft |
| Certificate Authority | TunTrust Root CA (1) |
| Certificate Authority | vTrus OV SSL CA G2 |
| Certificate Authority | UCA Global G2 Root (4) |
| Certificate Authority | certSIGN Web CA (1) |
| Certificate Authority | Cybertrust Global Root (2) |
| Certificate Authority | DigiCert Global Root G2 (1) |
| Certificate Authority | DigiCert Global Root G2 (2) |
| Certificate Authority | DigiCert Basic OV G2 TLS CN RSA4096 SHA256 2022 CA1 |
| Certificate Authority | DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1 |
| Certificate Authority | PerfectSSL |
| Certificate Authority | DigiCert G3 TLS EU ECC P-384 SHA384 2022 CA1 |
| Certificate Authority | Microsoft Azure ECC TLS Issuing CA 03 |
| Certificate Authority | Microsoft Azure ECC TLS Issuing CA 04 |
| Certificate Authority | DigiCert TLS RSA4096 Root G5 (2) |
| Certificate Authority | DigiCert G5 TLS EU RSA4096 SHA384 2022 CA1 |
| Certificate Authority | AC Defesa GR3 OV TLS CA 2023 |
| Certificate Authority | GlobalSign Atlas R3 AlphaSSL CA 2024 Q2 |
| Certificate Authority | GlobalSign Atlas R3 DV TLS CA 2024 Q2 |
| Certificate Authority | GlobalSign Atlas R3 DV TLS CA 2024 Q3 |
| Certificate Authority | GlobalSign Atlas R3 OV TLS CA 2024 Q2 |
| Certificate Authority | GlobalSign Atlas R3 OV TLS CA 2024 Q3 |
| Certificate Authority | GTS Root R4 (1) |
| Certificate Authority | WR1 |
| Certificate Authority | WR2 |
| Certificate Authority | WR3 |
| Certificate Authority | WR4 |
| Certificate Authority | WE1 |
| Certificate Authority | AC RAIZ FNMT-RCM (1) |
| Certificate Authority | TUBITAK Kamu SM SSL Sertifika Hizmet Saglayicisi - Surum 2 |
| Certificate Authority | E5 |
| Certificate Authority | E6 |
| Certificate Authority | R10 |
| Certificate Authority | R11 |
| Certificate Authority | R12 |
| Certificate Authority | R13 |
| Certificate Authority | R14 |
| Certificate Authority | E5 (1) |
| Certificate Authority | E6 (1) |
| Certificate Authority | E7 |
| Certificate Authority | E8 |
| Certificate Authority | E9 |
| Certificate Authority | Microsec e-Szigno Root CA 2009 (1) |
| Certificate Authority | Microsec e-Szigno Root CA 2009 (2) |
| Certificate Authority | DigiCert QuoVadis 2G3 TLS RSA4096 SHA384 2023 CA1 |
| Certificate Authority | SSL.com TLS Transit ECC CA R2 |
| Certificate Authority | Ensured Root CA |
| Certificate Authority | FujiSSL ECC Business Secure Site CA |
| Certificate Authority | GoGetSSL ECC EV CA |
| Certificate Authority | GoGetSSL ECC OV CA |
| Certificate Authority | Apple Public Server RSA CA 11 - G1 |
| Certificate Authority | CloudSecure RSA Organization Validation Secure Server CA 2 |
| Certificate Authority | GeoSSL RSA Domain Validation Secure Server CA |
| Certificate Authority | McAfee RSA Organization Validation Secure Server CA 3 |
| Certificate Authority | Sectigo Qualified Website Authentication CA R35 |
| Certificate Authority | TI Trust Technologies DV CA |
| Certificate Authority | TrustAsia RSA EV TLS CA G3 |
| Certificate Authority | TrustSign BR RSA DV SSL CA 3 |
| Certificate Authority | Valid Certificadora RSA DV SSL CA |
| Certificate Authority | JoySSL DV Secure Server CA G1 |
| Certificate Authority | KeepTrust DV TLS RSA CA G2 |
| Certificate Authority | SSL.com EV Root Certification Authority RSA R2 (2) |
| Certificate Authority | Cloudflare TLS Issuing ECC CA 1 |
| Certificate Authority | SwissSign RSA SMIME Root CA 2021 - 1 |
| Certificate Authority | SwissSign RSA SMIME Root CA 2022 - 1 |
| Certificate Authority | SwissSign RSA TLS Root CA 2021 - 1 |
| Certificate Authority | SwissSign RSA TLS Root CA 2022 - 1 |
| Certificate Authority | FIRMAPROFESIONAL CA ROOT-A WEB |
| Situation | Analyzer_DNS-Any-Queries-Brute-Force |
| Situation | DNS-UDP_Standard-Query-Request-Type-Any |
| Situation | File-Text_Outdated-Browser-Accessing-ActiveX-Object-In-HTML |

Updated objects:

| Type | Name | Changes |
|---|---|---|
| Certificate Authority | SSL Blindado EV 2 | Marked for removal |
| IPList | Forcepoint Drop IP Address List | |
| Situation | DNS-UDP_Standard-Query-Request-Type-KEY | Fingerprint regexp changed |
| Situation | HTTP_CSU-Shared-Variables | |
| Situation | HTTP_CRL-Suspicious-Parameter-Value | Fingerprint regexp changed |
| Situation | HTTP_CSH-Directory-Traversal-In-Cookie-Header | Fingerprint regexp changed |
| Situation | File-Text_Shared-Variables | Fingerprint regexp changed |
| Situation | File-Text_ActiveX-Shared-Variables | |

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.