Release notes for update package 1865-5242

This update package improves the detection capabilities of the Forcepoint LLM system.

RELEASE DATE:     Thursday April 10, 2025
MD5 CHECKSUM:     7773dfc0e27f3c17665fdd6c05d45392
SHA1 CHECKSUM:     0fd1b8d029897901758bc061d333152c7a2249d0
SHA256 CHECKSUM:     9f2d569ffa334c96a2977effb0192deb8fefc2e6db363a826bbf6ee10cb133cb


UPDATE CRITICALITY:    HIGH

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Appsmith detected     CVE-2024-55964     Appsmith-RCE-CVE-2024-55964
High     An attempt to exploit a vulnerability in Cacti Group Cacti detected     CVE-2024-54146     Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146
High     An attempt to exploit a vulnerability in Ivanti Cloud Services Appliance detected     CVE-2024-47908     Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908
High     An attempt to exploit a vulnerability in Progress Software WhatsUp Gold detected     CVE-2024-46906     Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906
High     An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected     CVE-2024-34781     Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781
High     An attempt to exploit a vulnerability in Cisco Smart Licensing Utility detected     CVE-2024-20439     Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439
High     An attempt to exploit a vulnerability in MinIO detected     CVE-2023-28432     MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432
High     An attempt to exploit a vulnerability in Galaxy Store detected     CVE-2023-21434     Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434
High     An attempt to exploit a vulnerability in Galaxy Store detected     CVE-2023-21433     Galaxy-Store-Improper-Access-Control-CVE-2023-21433
High     An attempt to exploit a vulnerability in Apache Software Foundation JSPWiki detected     CVE-2022-28731     Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery
High     An attempt to exploit a vulnerability in OneDev Platform detected     CVE-2021-21246     OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246
High     An attempt to exploit a vulnerability in the WordPress Like Button Plugin detected     CVE-2019-13344     Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344
High     An attempt to exploit a vulnerability in Webmin detected     CVE-2018-19191     Webmin-Cross-Site-Scripting-CVE-2018-19191
High     An attempt to exploit a vulnerability in D-Link DIR-615 detected     CVE-2018-15839     D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839
High     An attempt to exploit a vulnerability in Nagios XI detected     CVE-2018-15712     Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712
High     An attempt to exploit a vulnerability in Schneider Electric InduSoft Web Studio detected     CVE-2018-8840     Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840
High     An attempt to exploit a vulnerability in IBM Tivoli Storage Manager FastBack detected     CVE-2015-1929     IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929
High     An attempt to exploit a vulnerability in ManageEngine Applications Manager detected     CVE-2014-7863     Manageengine-Multiple-Products-Failoverhelperservlet-Information-Disclosure
High     A common command injection string in URI detected     No CVE/CAN     Common-Command-Injection-String
Low     An attempt to exploit a vulnerability in Plex Media Server detected     CVE-2021-33959     Plex-Media-Server-Reflection-DDoS-CVE-2021-33959

DETECTED ATTACKS

New detected attacks:

UDP Packet Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
Low     Plex-Media-Server-Reflection-DDoS-CVE-2021-33959     CVE-2021-33959     Generic_UDP-Plex-Media-Server-Reflection-DDoS-CVE-2021-33959     Potential Denial of Service

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908     CVE-2024-47908     HTTP_CS-Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908     Suspected Compromise

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Galaxy-Store-Improper-Access-Control-CVE-2023-21433     CVE-2023-21433     Generic_CS-Galaxy-Store-Improper-Access-Control-CVE-2023-21433     Potential Compromise
High     Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840     CVE-2018-8840     Generic_CS-Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840     Potential Compromise
High     IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929     CVE-2015-1929     Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929     Potential Compromise

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Common-Command-Injection-String     No CVE/CAN     HTTP_CSU-Common-Command-Injection-String-3     Suspected Compromise
High     MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432     CVE-2023-28432     HTTP_CSU-Potential-MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432     Potential Compromise
High     Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712     CVE-2018-15712     HTTP_CSU-Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712     Suspected Compromise

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839     CVE-2018-15839     HTTP_CSH-D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839     Suspected Compromise
High     Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439     CVE-2024-20439     HTTP_CSH-Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439     Suspected Compromise
High     OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     CVE-2021-21246     HTTP_CSH-OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     Potential Compromise

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Manageengine-Multiple-Products-Failoverhelperservlet-Information-Disclosure     CVE-2014-7863     HTTP_CRL-Manageengine-Multiple-Products-Failoverhelperservlet-Listdirectory-Information-Disclosure     Suspected Compromise
High     Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906     CVE-2024-46906     HTTP_CRL-Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906     Suspected Compromise
High     Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146     CVE-2024-54146     HTTP_CRL-Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146     Suspected Compromise
High     Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781     CVE-2024-34781     HTTP_CRL-Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781     Suspected Compromise
High     Appsmith-RCE-CVE-2024-55964     CVE-2024-55964     HTTP_CRL-Appsmith-RCE-CVE-2024-55964     Suspected Compromise
High     Webmin-Cross-Site-Scripting-CVE-2018-19191     CVE-2018-19191     HTTP_CRL-Webmin-Cross-Site-Scripting-CVE-2018-19191     Suspected Compromise
High     Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344     CVE-2019-13344     HTTP_CRL-Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344     Suspected Compromise

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery     CVE-2022-28731     File-Text_Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery     Potential Compromise
High     Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434     CVE-2023-21434     File-Text_Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434     Suspected Compromise
High     OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     CVE-2021-21246     File-Text_OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Drupal-Core-Remote-Code-Execution-CVE-2019-6340     CVE-2019-6340     HTTP_CS-Drupal-Core-Web-Services-Remote-Code-Execution     Suspected Compromise     Fingerprint regexp changed

DNS UDP Server Message

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Dnsmasq-Sort_rrset-CVE-2020-25687-Out-Of-Bounds-Write     CVE-2020-25687     DNS-UDP_Dnsmasq-Sort_rrset-CVE-2020-25687-Out-Of-Bounds-Write     Suspected Compromise     Detection mechanism updated

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     IBM-Tivoli-Storage-Manager-Fastback-Mount-Opcode-0x09-Stack-Buffer-Overflow     CVE-2015-0119     Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Mount-Opcode-0x09-Stack-Buffer-Overflow     Suspected Compromise     Fingerprint regexp changed
High     Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     CVE-2019-12951     Generic_CS-Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     Suspected Compromise     Fingerprint regexp changed

TCP Server Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     CVE-2019-12951     Generic_SS-Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     Suspected Compromise     Fingerprint regexp changed

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Zabbix-Server-Setup.php-Authentication-Bypass-CVE-2022-23134     CVE-2022-23134     HTTP_CS-Zabbix-Server-Setup.php-Authentication-Bypass-CVE-2022-23134     Suspected Compromise     Name: HTTP_CS-Zabbix-Server-Setup.php-Authentication-Bypass->HTTP_CS-Zabbix-Server-Setup.php-Authentication-Bypass-CVE-2022-23134; Comment has changed
High     Free-Download-Manager-Remote-Control-Authorization-Header-Buffer-Overflow     CVE-2009-0183     HTTP_CSH-Excessively-Long-Basic-Authorization-Header     Potential Compromise     Description has changed; Category tag group CVE2018 added

LDAP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow     CVE-2020-36221     LDAP_CS-OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow     Suspected Denial of Service     Comment has changed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Critical     Manageengine-Multiple-Products-Failoverhelperservlet-Information-Disclosure     CVE-2014-7863     HTTP_CRL-Manageengine-Multiple-Products-Failoverhelperservlet-Copyfile-Information-Disclosure     Compromise     Fingerprint regexp changed
High     Es-File-Explorer-Open-Port     CVE-2019-6447     HTTP_CRL-Es-File-Explorer-Open-Port     Suspected Compromise     Fingerprint regexp changed

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Google-Chrome-Insufficient-Validation-CVE-2021-21220     CVE-2021-21220     File-Text_Google-Chrome-Insufficient-Validation-CVE-2021-21220     Suspected Compromise     Fingerprint regexp changed
High     Wordpress-Comment-Content-Filter-Remote-Code-Execution     CVE-2019-9787     File-Text_Wordpress-Comment-Content-Filter-Remote-Code-Execution     Suspected Compromise     Fingerprint regexp changed

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     SAP-Solution-Manager-Remote-Command-Execution     CVE-2020-6207     File-TextId_SAP-Solution-Manager-Missing-Authentication-Check-EEM-Servlet-Access     Potential Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type Name
Category Appsmith
Category Galaxy Store
Category Cisco Smart Licensing Utility
Category Plex Media Server
Category WordPress Like Button Plugin
IPList Amazon EC2_INSTANCE_CONNECT ap-southeast-5

Updated objects:

Type Name Changes
IPList Rwanda
IPList Somalia
IPList Yemen
IPList Iraq
IPList Saudi Arabia
IPList Iran
IPList Cyprus
IPList Tanzania
IPList Syria
IPList Armenia
IPList Kenya
IPList DR Congo
IPList Djibouti
IPList Uganda
IPList Central African Republic
IPList Seychelles
IPList Jordan
IPList Lebanon
IPList Kuwait
IPList Oman
IPList Qatar
IPList Bahrain
IPList United Arab Emirates
IPList Israel
IPList Türkiye
IPList Ethiopia
IPList Eritrea
IPList Egypt
IPList Sudan
IPList Greece
IPList Burundi
IPList Estonia
IPList Latvia
IPList Azerbaijan
IPList Lithuania
IPList Svalbard and Jan Mayen
IPList Georgia
IPList Moldova
IPList Belarus
IPList Finland
IPList Åland Islands
IPList Ukraine
IPList North Macedonia
IPList Hungary
IPList Bulgaria
IPList Albania
IPList Poland
IPList Romania
IPList Kosovo
IPList Zimbabwe
IPList Zambia
IPList Comoros
IPList Malawi
IPList Lesotho
IPList Botswana
IPList Mauritius
IPList Eswatini
IPList Réunion
IPList South Africa
IPList Mayotte
IPList Mozambique
IPList Madagascar
IPList Afghanistan
IPList Pakistan
IPList Bangladesh
IPList Turkmenistan
IPList Tajikistan
IPList Sri Lanka
IPList Bhutan
IPList India
IPList Maldives
IPList British Indian Ocean Territory
IPList Nepal
IPList Myanmar
IPList Uzbekistan
IPList Kazakhstan
IPList Kyrgyzstan
IPList French Southern Territories
IPList Heard and McDonald Islands
IPList Cocos (Keeling) Islands
IPList Palau
IPList Vietnam
IPList Thailand
IPList Indonesia
IPList Laos
IPList Taiwan
IPList Philippines
IPList Malaysia
IPList China
IPList Hong Kong
IPList Brunei
IPList Macao
IPList Cambodia
IPList South Korea
IPList Japan
IPList North Korea
IPList Singapore
IPList Cook Islands
IPList Timor-Leste
IPList Russia
IPList Mongolia
IPList Australia
IPList Christmas Island
IPList Marshall Islands
IPList Federated States of Micronesia
IPList Papua New Guinea
IPList Solomon Islands
IPList Tuvalu
IPList Nauru
IPList Vanuatu
IPList New Caledonia
IPList Norfolk Island
IPList New Zealand
IPList Fiji
IPList Libya
IPList Cameroon
IPList Senegal
IPList Congo Republic
IPList Portugal
IPList Liberia
IPList Ivory Coast
IPList Ghana
IPList Equatorial Guinea
IPList Nigeria
IPList Burkina Faso
IPList Togo
IPList Guinea-Bissau
IPList Mauritania
IPList Benin
IPList Gabon
IPList Sierra Leone
IPList São Tomé and Príncipe
IPList Gibraltar
IPList Gambia
IPList Guinea
IPList Chad
IPList Niger
IPList Mali
IPList Western Sahara
IPList Tunisia
IPList Spain
IPList Morocco
IPList Malta
IPList Algeria
IPList Faroe Islands
IPList Denmark
IPList Iceland
IPList United Kingdom
IPList Switzerland
IPList Sweden
IPList The Netherlands
IPList Austria
IPList Belgium
IPList Germany
IPList Luxembourg
IPList Ireland
IPList Monaco
IPList France
IPList Andorra
IPList Liechtenstein
IPList Jersey
IPList Isle of Man
IPList Guernsey
IPList Slovakia
IPList Czechia
IPList Norway
IPList Vatican City
IPList San Marino
IPList Italy
IPList Slovenia
IPList Montenegro
IPList Croatia
IPList Bosnia and Herzegovina
IPList Angola
IPList Namibia
IPList Saint Helena
IPList Bouvet Island
IPList Barbados
IPList Cabo Verde
IPList Guyana
IPList French Guiana
IPList Suriname
IPList Saint Pierre and Miquelon
IPList Greenland
IPList Paraguay
IPList Uruguay
IPList Brazil
IPList Falkland Islands
IPList South Georgia and the South Sandwich Islands
IPList Jamaica
IPList Dominican Republic
IPList Cuba
IPList Martinique
IPList Bahamas
IPList Bermuda
IPList Anguilla
IPList Trinidad and Tobago
IPList St Kitts and Nevis
IPList Dominica
IPList Antigua and Barbuda
IPList Saint Lucia
IPList Turks and Caicos Islands
IPList Aruba
IPList British Virgin Islands
IPList St Vincent and Grenadines
IPList Montserrat
IPList Saint Martin
IPList Saint Barthélemy
IPList Guadeloupe
IPList Grenada
IPList Cayman Islands
IPList Belize
IPList El Salvador
IPList Guatemala
IPList Honduras
IPList Nicaragua
IPList Costa Rica
IPList Venezuela
IPList Ecuador
IPList Colombia
IPList Panama
IPList Haiti
IPList Argentina
IPList Chile
IPList Bolivia
IPList Peru
IPList Mexico
IPList French Polynesia
IPList Pitcairn Islands
IPList Kiribati
IPList Tokelau
IPList Tonga
IPList Wallis and Futuna
IPList Samoa
IPList Niue
IPList Northern Mariana Islands
IPList Guam
IPList Puerto Rico
IPList U.S. Virgin Islands
IPList U.S. Outlying Islands
IPList American Samoa
IPList Canada
IPList United States
IPList Palestine
IPList Serbia
IPList Antarctica
IPList Sint Maarten
IPList Curaçao
IPList Bonaire, Sint Eustatius, and Saba
IPList South Sudan
IPList TOR exit nodes IP Address List
IPList Amazon AMAZON
IPList Webex Servers IP Address List
IPList Amazon S3
IPList Amazon EC2
IPList TOR relay nodes IP Address List
IPList Amazon EC2_INSTANCE_CONNECT
IPList Botnet IP Address List
IPList Malicious Site IP Address List
IPList Webex Teams
IPList NordVPN Servers IP Address List
IPList Amazon AMAZON eu-north-1
IPList Amazon AMAZON us-east-2
IPList Amazon EC2 us-east-2
IPList Forcepoint Drop IP Address List
IPList GitHub Actions IP Address List
IPList Amazon S3 me-west-1
Situation HTTP_CSU-Shared-Variables
Application Webex
Application TOR
Application Webex-Teams
Application NordVPN

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.