The Sophos Intrusion Prevention System shields the network from known attacks by matching
network traffic against the signatures in the IPS Signature Database. These signatures are
developed to significantly increase detection performance and reduce false alarms.
Applicable to: XGS-87, XGS-87(w), XGS-107, XGS-107(w),
XGS-116, XGS-116(w), XGS-126, XGS-126(w), XGS-136, XGS-136(w), XGS-2100, XGS-2300, XGS-3100,
XGS-3300, XGS-4300, XGS-4500, XG-86, XG-86(w), XG-106, XG-106(w), XG-115, XG-115(w), XG-125,
XG-125(w), XG-135, XG-135(w), XG-210, XG-230, XG-310, XG-330, XG-430, XG-450, SG-105, SG-105(w),
SG-115, SG-115(w), SG-125, SG-125(w), SG-135, SG-135(w), SG-210, SG-230, SG-310, SG-330, SG-430,
SG-450, SG-550, SG-650 and any virtual deployment with RAM < 24GB
The table below provides details of Signatures included in this release.
This IPS release includes twenty-three (23) signatures to address eighteen (18) vulnerabilities.
| Name | CVE-ID | Category | Severity |
| --- | --- | --- | --- |
| BROWSER-IE Microsoft Internet Explorer Dictionary Object use after free attempt | CVE-2013-5056 | browser-ie | 1 |
| BROWSER-IE Microsoft Internet Explorer HTML frame injection attempt | CVE-2004-0719 | browser-ie | 2 |
| OS-WINDOWS Microsoft Office OLE UtOlePresStmToContentsStm memory corruption attempt | CVE-2025-21298 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Explorer CFileSysEnum CVE-2024-49082 Directory Traversal | CVE-2024-49082 | os-windows | 3 |
| SERVER-APACHE Apache Tomcat JSP CVE-2024-50379 Compilation Race Condition | CVE-2024-50379 | server-apache | 1 |
| SERVER-WEBAPP Aviatrix Controllers command injection attempt | CVE-2024-50603 | server-webapp | 1 |
| SERVER-WEBAPP HPE Insight Remote Support getDocumentRootElement XML External Entity Injection | CVE-2024-53674 | server-webapp | 1 |
| SERVER-WEBAPP HPE Insight Remote Support processAtatchmentDataStream ,CVE-2024-53676 Directory Traversal | CVE-2024-53676 | server-webapp | 1 |
| SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt | CVE-2010-1550 | server-webapp | 1 |
| SERVER-WEBAPP Ivanti Endpoint Manager Credential Coercion Vulnerabilities | CVE-2024-10811, CVE-2024-13159, CVE-2024-13160, CVE-2024-13161 | server-webapp | 1 |
| SERVER-WEBAPP Logsign Unified SecOps CVE-2025-1044 Authentication Bypass | CVE-2025-1044 | server-webapp | 1 |
| SERVER-WEBAPP Microsoft Windows MSHTML File Extension Spoofing CVE-2024-43461 Remote Code Execution | CVE-2024-43461 | server-webapp | 2 |
| SERVER-WEBAPP MongoDB CVE-2024-53900 Remote Code Execution Vulnerability | CVE-2024-53900 | server-webapp | 1 |
| SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt | CVE-2018-19410 | server-webapp | 1 |
| SERVER-WEBAPP SimpleHelp SimpleHelp WebDownloadServer CVE-2024-57727 Directory Traversal | CVE-2024-57727 | server-webapp | 2 |
| SERVER-WEBAPP SQuery libpath PHP file include attempt | CVE-2006-1688 | server-webapp | 2 |
| SERVER-WEBAPP Wazuh CVE-2025-24016 Remote Code Execution Vulnerability | CVE-2025-24016 | server-webapp | 2 |
| SERVER-WEBAPP WSO2 Multiple Products SynapseArtifactUploaderAdmin CVE-2024-7074 Directory Traversal | CVE-2024-7074 | server-webapp | 3 |
Applicable to: XG-550, XG-650, XG-750, XGS-5500,
XGS-6500 and any virtual deployment with RAM > 24GB
The table below provides details of Signatures included in this release.
This IPS release includes twenty-seven (27) signatures to address twenty-two (22) vulnerabilities.
| Name | CVE-ID | Category | Severity |
| --- | --- | --- | --- |
| BROWSER-IE Microsoft Internet Explorer Dictionary Object use after free attempt | CVE-2013-5056 | browser-ie | 1 |
| BROWSER-IE Microsoft Internet Explorer HTML frame injection attempt | CVE-2004-0719 | browser-ie | 2 |
| OS-WINDOWS Microsoft Office OLE UtOlePresStmToContentsStm memory corruption attempt | CVE-2025-21298 | os-windows | 1 |
| OS-WINDOWS Microsoft Windows Explorer CFileSysEnum CVE-2024-49082 Directory Traversal | CVE-2024-49082 | os-windows | 3 |
| SERVER-APACHE Apache Tomcat JSP CVE-2024-50379 Compilation Race Condition | CVE-2024-50379 | server-apache | 1 |
| SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt | CVE-2018-6892 | server-other | 1 |
| SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt | CVE-2011-4164 | server-other | 2 |
| SERVER-WEBAPP Aviatrix Controllers command injection attempt | CVE-2024-50603 | server-webapp | 1 |
| SERVER-WEBAPP HPE Insight Remote Support getDocumentRootElement XML External Entity Injection | CVE-2024-53674 | server-webapp | 1 |
| SERVER-WEBAPP HPE Insight Remote Support processAtatchmentDataStream ,CVE-2024-53676 Directory Traversal | CVE-2024-53676 | server-webapp | 1 |
| SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt | CVE-2010-1550 | server-webapp | 1 |
| SERVER-WEBAPP Ivanti Endpoint Manager Credential Coercion Vulnerabilities | CVE-2024-10811, CVE-2024-13159, CVE-2024-13160, CVE-2024-13161 | server-webapp | 1 |
| SERVER-WEBAPP Logsign Unified SecOps CVE-2025-1044 Authentication Bypass | CVE-2025-1044 | server-webapp | 1 |
| SERVER-WEBAPP Microsoft Windows MSHTML File Extension Spoofing CVE-2024-43461 Remote Code Execution | CVE-2024-43461 | server-webapp | 2 |
| SERVER-WEBAPP MongoDB CVE-2024-53900 Remote Code Execution Vulnerability | CVE-2024-53900 | server-webapp | 1 |
| SERVER-WEBAPP Paessler PRTG Network Monitor local file inclusion attempt | CVE-2018-19410 | server-webapp | 1 |
| SERVER-WEBAPP Palo Alto Networks Expedition regionsDiscovery.php CVE-2025-0107 Insecure Deserialization | CVE-2025-0107 | server-webapp | 2 |
| SERVER-WEBAPP SimpleHelp SimpleHelp WebDownloadServer CVE-2024-57727 Directory Traversal | CVE-2024-57727 | server-webapp | 2 |
| SERVER-WEBAPP SQuery libpath PHP file include attempt | CVE-2006-1688 | server-webapp | 2 |
| SERVER-WEBAPP Squid Proxy ESI Response Processing esi_assign CVE-2024-45802 Denial of Service | CVE-2024-45802 | server-webapp | 2 |
| SERVER-WEBAPP Wazuh CVE-2025-24016 Remote Code Execution Vulnerability | CVE-2025-24016 | server-webapp | 2 |
| SERVER-WEBAPP WSO2 Multiple Products SynapseArtifactUploaderAdmin CVE-2024-7074 Directory Traversal | CVE-2024-7074 | server-webapp | 3 |
Name: Name of the signature.
CVE-ID: CVE identification number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.
Category: Class type according to threat.
Severity: Degree of severity. The levels of severity are described in the table below:
| Severity Level | Severity Criteria |
| --- | --- |
| 1 | Critical |
| 2 | Major |
| 3 | Moderate |
| 4 | Minor |
| 5 | Warning |
©1997 - 2025 Sophos Ltd. All rights reserved.