Release notes for update package 1865-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Thursday April 10, 2025
MD5 CHECKSUM:    3dfdd084f67c4f717fab6bfdad1f1e30
SHA1 CHECKSUM:    43c3faf0be0ea388936bd03eb981586cd02cd6e8
SHA256 CHECKSUM:    9a040da296681edb625ac8cda2653be6060cc2395b674f467a30ceebcd9855f5


UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.10.1.11125
- Forcepoint NGFW:    6.8.1.24103

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Appsmith detected     CVE-2024-55964     Appsmith-RCE-CVE-2024-55964
High     An attempt to exploit a vulnerability in Cacti Group Cacti detected     CVE-2024-54146     Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146
High     An attempt to exploit a vulnerability in Ivanti Cloud Services Appliance detected     CVE-2024-47908     Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908
High     An attempt to exploit a vulnerability in Progress Software WhatsUp Gold     CVE-2024-46906     Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906
High     An attempt to exploit a vulnerability in Ivanti Endpoint Manager detected     CVE-2024-34781     Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781
High     An attempt to exploit a vulnerability in Cisco Smart Licensing Utility detected     CVE-2024-20439     Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439
High     An attempt to exploit a vulnerability in MinIO detected     CVE-2023-28432     MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432
High     An attempt to exploit a vulnerability in Galaxy Store detected     CVE-2023-21434     Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434
High     An attempt to exploit a vulnerability in Galaxy Store detected     CVE-2023-21433     Galaxy-Store-Improper-Access-Control-CVE-2023-21433
High     An attempt to exploit a vulnerability in Apache Software Foundation JSPWiki detected     CVE-2022-28731     Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery
High     An attempt to exploit a vulnerability in OneDev Platform detected     CVE-2021-21246     OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246
High     An attempt to exploit a vulnerability in the WordPress Like Button Plugin detected     CVE-2019-13344     Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344
High     An attempt to exploit a vulnerability in Webmin detected     CVE-2018-19191     Webmin-Cross-Site-Scripting-CVE-2018-19191
High     An attempt to exploit a vulnerability in D-Link DIR-615 detected     CVE-2018-15839     D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839
High     An attempt to exploit a vulnerability in Nagios XI detected     CVE-2018-15712     Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712
High     An attempt to exploit a vulnerability in Schneider Electric InduSoft Web Studio detected     CVE-2018-8840     Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840
High     An attempt to exploit a vulnerability in IBM Tivoli Storage Manager FastBack detected     CVE-2015-1929     IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929
High     An attempt to exploit a vulnerability in ManageEngine Applications Manager detected     CVE-2014-7863     Manageengine-Multiple-Products-Failoverhelperservlet-Information-Disclosure
High     A common command injection string in URI detected     No CVE/CAN     Common-Command-Injection-String
Low     An attempt to exploit a vulnerability in Plex Media Server detected     CVE-2021-33959     Plex-Media-Server-Reflection-DDoS-CVE-2021-33959


DETECTED ATTACKS

New detected attacks:

UDP Packet Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
Low     Plex-Media-Server-Reflection-DDoS-CVE-2021-33959     CVE-2021-33959     Generic_UDP-Plex-Media-Server-Reflection-DDoS-CVE-2021-33959     Potential Denial of Service

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908     CVE-2024-47908     HTTP_CS-Ivanti-Cloud-Services-Application-SendAlert-Command-Injection-CVE-2024-47908     Suspected Compromise

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Galaxy-Store-Improper-Access-Control-CVE-2023-21433     CVE-2023-21433     Generic_CS-Galaxy-Store-Improper-Access-Control-CVE-2023-21433     Potential Compromise
High     Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840     CVE-2018-8840     Generic_CS-Schneider-Electric-Indusoft-Web-Studio-Remote-Code-Execution-CVE-2018-8840     Potential Compromise
High     IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929     CVE-2015-1929     Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Server-Buffer-Overflow-CVE-2015-1929     Potential Compromise

HTTP Request URI

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Common-Command-Injection-String     No CVE/CAN     HTTP_CSU-Common-Command-Injection-String-3     Suspected Compromise
High     MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432     CVE-2023-28432     HTTP_CSU-Potential-MinIO-Information-Disclosure-Vulnerability-CVE-2023-28432     Potential Compromise
High     Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712     CVE-2018-15712     HTTP_CSU-Nagios-XI-Stored-Cross-Site-Scripting-CVE-2018-15712     Suspected Compromise

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839     CVE-2018-15839     HTTP_CSH-D-Link-DIR-615-Buffer-Overflow-CVE-2018-15839     Suspected Compromise
High     Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439     CVE-2024-20439     HTTP_CSH-Cisco-Smart-Licensing-Utility-Static-Administrative-Credentials-CVE-2024-20439     Suspected Compromise
High     OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     CVE-2021-21246     HTTP_CSH-OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     Potential Compromise

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Manageengine-Multiple-Products-Failoverhelperservlet-Information-Disclosure     CVE-2014-7863     HTTP_CRL-Manageengine-Multiple-Products-Failoverhelperservlet-Listdirectory-Information-Disclosure     Suspected Compromise
High     Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906     CVE-2024-46906     HTTP_CRL-Progress-WhatsUp-Gold-GetSqlWhereClause-SQL-Injection-CVE-2024-46906     Suspected Compromise
High     Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146     CVE-2024-54146     HTTP_CRL-Cacti-Host_Templates-Template-SQL-Injection-CVE-2024-54146     Suspected Compromise
High     Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781     CVE-2024-34781     HTTP_CRL-Ivanti-Endpoint-Manager-MP_QueryDetail-SQL-Injection-CVE-2024-34781     Suspected Compromise
High     Appsmith-RCE-CVE-2024-55964     CVE-2024-55964     HTTP_CRL-Appsmith-RCE-CVE-2024-55964     Suspected Compromise
High     Webmin-Cross-Site-Scripting-CVE-2018-19191     CVE-2018-19191     HTTP_CRL-Webmin-Cross-Site-Scripting-CVE-2018-19191     Suspected Compromise
High     Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344     CVE-2019-13344     HTTP_CRL-Wordpress-Plugin-Like-Button-Authentication-Bypass-CVE-2019-13344     Suspected Compromise

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery     CVE-2022-28731     File-Text_Apache-Jspwiki-Userpreferences-Cross-Site-Request-Forgery     Potential Compromise
High     Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434     CVE-2023-21434     File-Text_Galaxy-Store-Webview-Filter-Bypass-CVE-2023-21434     Suspected Compromise
High     OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     CVE-2021-21246     File-Text_OneDev-Platform-Pre-Auth-Access-Token-Leak-CVE-2021-21246     Suspected Compromise

Updated detected attacks:

HTTP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Drupal-Core-Remote-Code-Execution-CVE-2019-6340     CVE-2019-6340     HTTP_CS-Drupal-Core-Web-Services-Remote-Code-Execution     Suspected Compromise     Fingerprint regexp changed

DNS UDP Server Message

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Dnsmasq-Sort_rrset-CVE-2020-25687-Out-Of-Bounds-Write     CVE-2020-25687     DNS-UDP_Dnsmasq-Sort_rrset-CVE-2020-25687-Out-Of-Bounds-Write     Suspected Compromise     Detection mechanism updated

TCP Client Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     IBM-Tivoli-Storage-Manager-Fastback-Mount-Opcode-0x09-Stack-Buffer-Overflow     CVE-2015-0119     Generic_CS-IBM-Tivoli-Storage-Manager-Fastback-Mount-Opcode-0x09-Stack-Buffer-Overflow     Suspected Compromise     Fingerprint regexp changed
High     Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     CVE-2019-12951     Generic_CS-Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     Suspected Compromise     Fingerprint regexp changed

TCP Server Stream Unknown

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     CVE-2019-12951     Generic_SS-Cesanta-Mongoose-Parse_MQTT-Out-Of-Bounds-Read     Suspected Compromise     Fingerprint regexp changed

HTTP Request Header Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Zabbix-Server-Setup.php-Authentication-Bypass-CVE-2022-23134     CVE-2022-23134     HTTP_CS-Zabbix-Server-Setup.php-Authentication-Bypass-CVE-2022-23134     Suspected Compromise     Name: HTTP_CS-Zabbix-Server-Setup.php-Authentication-Bypass->HTTP_CS-Zabbix-Server-Setup.php-Authentication-Bypass-CVE-2022-23134; Comment has changed
High     Free-Download-Manager-Remote-Control-Authorization-Header-Buffer-Overflow     CVE-2009-0183     HTTP_CSH-Excessively-Long-Basic-Authorization-Header     Potential Compromise     Description has changed; Category tag group CVE2018 added

LDAP Client Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow     CVE-2020-36221     LDAP_CS-OpenLDAP-Slapd-serialNumberAndIssuerCheck-Integer-Underflow     Suspected Denial of Service     Comment has changed

HTTP Normalized Request-Line

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
Critical     Manageengine-Multiple-Products-Failoverhelperservlet-Information-Disclosure     CVE-2014-7863     HTTP_CRL-Manageengine-Multiple-Products-Failoverhelperservlet-Copyfile-Information-Disclosure     Compromise     Fingerprint regexp changed
High     Es-File-Explorer-Open-Port     CVE-2019-6447     HTTP_CRL-Es-File-Explorer-Open-Port     Suspected Compromise     Fingerprint regexp changed

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     Google-Chrome-Insufficient-Validation-CVE-2021-21220     CVE-2021-21220     File-Text_Google-Chrome-Insufficient-Validation-CVE-2021-21220     Suspected Compromise     Fingerprint regexp changed
High     Wordpress-Comment-Content-Filter-Remote-Code-Execution     CVE-2019-9787     File-Text_Wordpress-Comment-Content-Filter-Remote-Code-Execution     Suspected Compromise     Fingerprint regexp changed

Identified Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     SAP-Solution-Manager-Remote-Command-Execution     CVE-2020-6207     File-TextId_SAP-Solution-Manager-Missing-Authentication-Check-EEM-Servlet-Access     Potential Compromise     Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Category     Appsmith
Category     Galaxy Store
Category     Cisco Smart Licensing Utility
Category     Plex Media Server
Category     WordPress Like Button Plugin
IPList     Amazon EC2_INSTANCE_CONNECT ap-southeast-5

Updated objects:

Type     Name     Changes
IPList     Rwanda
IPList     Somalia
IPList     Yemen
IPList     Iraq
IPList     Saudi Arabia
IPList     Iran
IPList     Cyprus
IPList     Tanzania
IPList     Syria
IPList     Armenia
IPList     Kenya
IPList     DR Congo
IPList     Djibouti
IPList     Uganda
IPList     Central African Republic
IPList     Seychelles
IPList     Jordan
IPList     Lebanon
IPList     Kuwait
IPList     Oman
IPList     Qatar
IPList     Bahrain
IPList     United Arab Emirates
IPList     Israel
IPList     Türkiye
IPList     Ethiopia
IPList     Eritrea
IPList     Egypt
IPList     Sudan
IPList     Greece
IPList     Burundi
IPList     Estonia
IPList     Latvia
IPList     Azerbaijan
IPList     Lithuania
IPList     Svalbard and Jan Mayen
IPList     Georgia
IPList     Moldova
IPList     Belarus
IPList     Finland
IPList     Åland Islands
IPList     Ukraine
IPList     North Macedonia
IPList     Hungary
IPList     Bulgaria
IPList     Albania
IPList     Poland
IPList     Romania
IPList     Kosovo
IPList     Zimbabwe
IPList     Zambia
IPList     Comoros
IPList     Malawi
IPList     Lesotho
IPList     Botswana
IPList     Mauritius
IPList     Eswatini
IPList     Réunion
IPList     South Africa
IPList     Mayotte
IPList     Mozambique
IPList     Madagascar
IPList     Afghanistan
IPList     Pakistan
IPList     Bangladesh
IPList     Turkmenistan
IPList     Tajikistan
IPList     Sri Lanka
IPList     Bhutan
IPList     India
IPList     Maldives
IPList     British Indian Ocean Territory
IPList     Nepal
IPList     Myanmar
IPList     Uzbekistan
IPList     Kazakhstan
IPList     Kyrgyzstan
IPList     French Southern Territories
IPList     Heard and McDonald Islands
IPList     Cocos (Keeling) Islands
IPList     Palau
IPList     Vietnam
IPList     Thailand
IPList     Indonesia
IPList     Laos
IPList     Taiwan
IPList     Philippines
IPList     Malaysia
IPList     China
IPList     Hong Kong
IPList     Brunei
IPList     Macao
IPList     Cambodia
IPList     South Korea
IPList     Japan
IPList     North Korea
IPList     Singapore
IPList     Cook Islands
IPList     Timor-Leste
IPList     Russia
IPList     Mongolia
IPList     Australia
IPList     Christmas Island
IPList     Marshall Islands
IPList     Federated States of Micronesia
IPList     Papua New Guinea
IPList     Solomon Islands
IPList     Tuvalu
IPList     Nauru
IPList     Vanuatu
IPList     New Caledonia
IPList     Norfolk Island
IPList     New Zealand
IPList     Fiji
IPList     Libya
IPList     Cameroon
IPList     Senegal
IPList     Congo Republic
IPList     Portugal
IPList     Liberia
IPList     Ivory Coast
IPList     Ghana
IPList     Equatorial Guinea
IPList     Nigeria
IPList     Burkina Faso
IPList     Togo
IPList     Guinea-Bissau
IPList     Mauritania
IPList     Benin
IPList     Gabon
IPList     Sierra Leone
IPList     São Tomé and Príncipe
IPList     Gibraltar
IPList     Gambia
IPList     Guinea
IPList     Chad
IPList     Niger
IPList     Mali
IPList     Western Sahara
IPList     Tunisia
IPList     Spain
IPList     Morocco
IPList     Malta
IPList     Algeria
IPList     Faroe Islands
IPList     Denmark
IPList     Iceland
IPList     United Kingdom
IPList     Switzerland
IPList     Sweden
IPList     The Netherlands
IPList     Austria
IPList     Belgium
IPList     Germany
IPList     Luxembourg
IPList     Ireland
IPList     Monaco
IPList     France
IPList     Andorra
IPList     Liechtenstein
IPList     Jersey
IPList     Isle of Man
IPList     Guernsey
IPList     Slovakia
IPList     Czechia
IPList     Norway
IPList     Vatican City
IPList     San Marino
IPList     Italy
IPList     Slovenia
IPList     Montenegro
IPList     Croatia
IPList     Bosnia and Herzegovina
IPList     Angola
IPList     Namibia
IPList     Saint Helena
IPList     Bouvet Island
IPList     Barbados
IPList     Cabo Verde
IPList     Guyana
IPList     French Guiana
IPList     Suriname
IPList     Saint Pierre and Miquelon
IPList     Greenland
IPList     Paraguay
IPList     Uruguay
IPList     Brazil
IPList     Falkland Islands
IPList     South Georgia and the South Sandwich Islands
IPList     Jamaica
IPList     Dominican Republic
IPList     Cuba
IPList     Martinique
IPList     Bahamas
IPList     Bermuda
IPList     Anguilla
IPList     Trinidad and Tobago
IPList     St Kitts and Nevis
IPList     Dominica
IPList     Antigua and Barbuda
IPList     Saint Lucia
IPList     Turks and Caicos Islands
IPList     Aruba
IPList     British Virgin Islands
IPList     St Vincent and Grenadines
IPList     Montserrat
IPList     Saint Martin
IPList     Saint Barthélemy
IPList     Guadeloupe
IPList     Grenada
IPList     Cayman Islands
IPList     Belize
IPList     El Salvador
IPList     Guatemala
IPList     Honduras
IPList     Nicaragua
IPList     Costa Rica
IPList     Venezuela
IPList     Ecuador
IPList     Colombia
IPList     Panama
IPList     Haiti
IPList     Argentina
IPList     Chile
IPList     Bolivia
IPList     Peru
IPList     Mexico
IPList     French Polynesia
IPList     Pitcairn Islands
IPList     Kiribati
IPList     Tokelau
IPList     Tonga
IPList     Wallis and Futuna
IPList     Samoa
IPList     Niue
IPList     Northern Mariana Islands
IPList     Guam
IPList     Puerto Rico
IPList     U.S. Virgin Islands
IPList     U.S. Outlying Islands
IPList     American Samoa
IPList     Canada
IPList     United States
IPList     Palestine
IPList     Serbia
IPList     Antarctica
IPList     Sint Maarten
IPList     Curaçao
IPList     Bonaire, Sint Eustatius, and Saba
IPList     South Sudan
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Webex Servers IP Address List
IPList     Amazon S3
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Amazon EC2_INSTANCE_CONNECT
IPList     Botnet IP Address List
IPList     Malicious Site IP Address List
IPList     Webex Teams
IPList     NordVPN Servers IP Address List
IPList     Amazon AMAZON eu-north-1
IPList     Amazon AMAZON us-east-2
IPList     Amazon EC2 us-east-2
IPList     Forcepoint Drop IP Address List
IPList     GitHub Actions IP Address List
IPList     Amazon S3 me-west-1
Situation     HTTP_CSU-Shared-Variables
Application     Webex
Application     TOR
Application     Webex-Teams
Application     NordVPN

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.

DISCLAIMER AND COPYRIGHT

Copyright © 2025 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.