9 months ago
Wallarm Detection Updates
In March, Wallarm issued a significant update of our detection rules for multiple attack types. The most impactful improvements were aimed at detection of Remote Code Execution, Local File Exclusion, Server Side Template Injections and Command Injection attacks.
In addition, new indicators of Out-of-Band (OOB/OAST) attack techniques were added to the product.
The update also included detection of the critical, widely-exploitable vulnerabilities listed below:
- Server-Side Request Forgery in NextJS
- Auth Bypass in TeamCity (CVE-2024-27198)
- Auth Bypass in TeamCity (CVE-2024-27199)
- Arbitrary File Read Vulnerability Leading to RCE in Jenkins (CVE-2024-23897)
- Authentication Bypass in Fortra GoAnywhere MFT (CVE-2024-0204)
- OS Command Injection in MajorDoMo (CVE-2023-50917)
- Account Takeover via Password Reset in GitLab (CVE-2023-7028)
- Remote Code Execution in Apache OFBiz (CVE-2023-51467)
- Adobe ColdFusion WDDX Deserialization Gadgets (CVE-2023-44353)
- Adobe ColdFusion Pre-Auth RCE (CVE-2023-29300)
- Remote Code Execution in Juniper(CVE-2023–36845)
- Authentication Bypass in Ivanti ICS (CVE-2023-46805)
We highly recommend that customers validate whether these components are used in their infrastructure and update them to the latest versions.