Sophos IPS and Application Signature update release notes

Version 18.22.34

Released on August 21, 2024

Introduction

The Release Note document for IPS and Application signature Database version 18.22.34 includes support for both, the new and the updated Signatures. The following sections describe the release in detail.

Release Information

Upgrade Applicable on: Version 18.22.33

Fixed issues, listed by ID, description, explanation and Workaround.

Appliance Model	Details of Changes			Module	More Details
All Deployments	13 Applications	61 Application Signatures	7 Application categories	Application Filter	Click Here for details of changes
XGS-87, XGS-87(w), XGS-107, XGS-107(w), XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100, XGS-3300, XGS-4300, XGS-4500 XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125, XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450 SG-105, SG-105(w), SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430, SG-450, SG-550, SG-650 Any virtual deployment with RAM < 24GB	15 Signatures	11 Vulnerabilities	3 IPS Categories	IPS Filter	Click Here for details of changes
XG-550, XG-650, XG-750 XGS-5500, XGS-6500 Any virtual deployment with RAM >24GB	29 Signatures	17 Vulnerabilities	4 IPS Categories	IPS Filter	Click Here for details of changes

Application Name	Risk	Category
Club Cooee Messenger	3	Instant Messenger
Evernote	2	General Internet
Restart Communications Option	1	Industrial Control System
WebEx	3	Conferencing
Webex Teams	1	Conferencing
Mail-ru Messenger	4	Instant Messenger
HTTP Audio Streaming	1	Streaming Media
HTTP Video Streaming	1	Streaming Media
Ultrasurf Proxy	5	Proxy and Tunnel
QQ Remote Access	3	Remote Access
Eroom Website	4	General Internet
Zoho Meeting Conferencing	2	Conferencing
TOR Proxy	5	Proxy and Tunnel

Application Name

Risk

Risk Level	Risk Criteria
1	Very Low
2	Low
3	Medium
4	High
5	Very High

Name	CVE-ID	Category	Severity
BROWSER-CHROME Google Chrome CVE-2021-21206 Use-After-Free vulnerability	CVE-2021-21206	browser-chrome	1
SERVER-APACHE Apache CloudStack SAML CVE-2024-41107 Authentication Bypass	CVE-2024-41107	server-apache	3
SERVER-APACHE Apache HTTP Server CVE-2024-38472 SSRF Vulnerability	CVE-2024-38472	server-apache	2
SERVER-WEBAPP Adobe Commerce and Magento _createFromArray CVE-2024-34102 XML External Entity Injection	CVE-2024-34102	server-webapp	1
SERVER-WEBAPP Calibre CVE-2024-6782 Remote Code Execution Vulnerability	CVE-2024-6782	server-webapp	1
SERVER-WEBAPP Parse Server LiteralizeRegexPart CVE-2024-39309 SQL Injection	CVE-2024-39309	server-webapp	1
SERVER-WEBAPP Progress MOVEit Transfer CVE-2024-5806 SFTP Authentication Bypass	CVE-2024-5806	server-webapp	2
SERVER-WEBAPP ServiceNow CVE-2024-4879 Jelly Template Injection Vulnerability	CVE-2024-4879	server-webapp	1
SERVER-WEBAPP SEW-EURODRIVE MOVITOOLS MotionStudio CheckProjectBaseFormat CVE-2024-1167 XML External Entity Injection	CVE-2024-1167	server-webapp	2
SERVER-WEBAPP SEW-EURODRIVE MOVITOOLS MotionStudio CheckProjectBaseFormat CVE-2024-1167 XML External Entity Injection	CVE-2024-1167	server-webapp	5
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-2048 attack attempt	CVE-2024-39299	server-webapp	1

Name	CVE-ID	Category	Severity
BROWSER-CHROME Google Chrome CVE-2021-21206 Use-After-Free vulnerability	CVE-2021-21206	browser-chrome	1
BROWSER-IE Microsoft Edge CVE-2017-11909 JsSetCurrentContext Out Of Bounds Read Attempt	CVE-2017-11909	browser-ie	2
SERVER-APACHE Apache CloudStack SAML CVE-2024-41107 Authentication Bypass	CVE-2024-41107	server-apache	3
SERVER-APACHE Apache HTTP Server CVE-2024-38472 SSRF Vulnerability	CVE-2024-38472	server-apache	2
SERVER-WEBAPP Adobe Commerce and Magento _createFromArray CVE-2024-34102 XML External Entity Injection	CVE-2024-34102	server-webapp	1
SERVER-WEBAPP Calibre CVE-2024-6782 Remote Code Execution Vulnerability	CVE-2024-6782	server-webapp	1
SERVER-WEBAPP Parse Server LiteralizeRegexPart CVE-2024-39309 SQL Injection	CVE-2024-39309	server-webapp	1
SERVER-WEBAPP Progress MOVEit Transfer CVE-2024-5806 SFTP Authentication Bypass	CVE-2024-5806	server-webapp	2
SERVER-WEBAPP ServiceNow CVE-2024-4879 Jelly Template Injection Vulnerability	CVE-2024-4879	server-webapp	1
SERVER-WEBAPP SEW-EURODRIVE MOVITOOLS MotionStudio CheckProjectBaseFormat CVE-2024-1167 XML External Entity Injection	CVE-2024-1167	server-webapp	2
SERVER-WEBAPP SEW-EURODRIVE MOVITOOLS MotionStudio CheckProjectBaseFormat CVE-2024-1167 XML External Entity Injection	CVE-2024-1167	server-webapp	5
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-2028 attack attempt	CVE-2024-21797, CVE-2024-39781, CVE-2024-39782, CVE-2024-39783	server-webapp	1
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-2040 attack attempt	CVE-2024-39359	server-webapp	1
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-2041 attack attempt	CVE-2024-36493, CVE-2024-39603	server-webapp	1
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-2043 attack attempt	CVE-2024-39757	server-webapp	1
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-2045 attack attempt	CVE-2024-36272	server-webapp	1
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-2048 attack attempt	CVE-2024-39299	server-webapp	1

Severity Level	Severity Criteria
1	Critical
2	Major
3	Moderate
4	Minor
5	Warning

Sophos IPS and Application Signature Update

These release notes are for Sophos IPS and Application signature updates.

Version 18.22.34
Released on August 21, 2024

Introduction

Release Information

Upgrade Information

Application Signatures

Terms Explained

IPS Signatures

IPS Signatures

Terms Explained

Important Notice

RESTRICTED RIGHTS

Corporate Headquarters