News

Stormshield SNS protections for TikiWiki vulnerability (CVE-2025-32461)

2025-07-29

The vulnerability tracked as CVE-2025-32461 impacts TikiWiki. It is a server-side injection which allows an attacker to remotely execute some code on the server. Stormhield Network Security (SNS) appl...

Stormshield SNS protections for Sharepoint vulnerability (CVE-2025-49704)

2025-07-29

The vulnerability tracked as CVE-2025-49704 impacts Sharepoint. It allows an attacker to bypass some authentication mechanisms and to remotely execute some code on the server. Stormhield Network Secur...

Stormshield SNS protections for Sharepoint vulnerability (CVE-2025-49701)

2025-07-22

The vulnerability tracked as CVE-2025-49701 impacts Sharepoint. It allows an unauthenticated attacker to remotely execute some code on the server. Stormhield Network Security (SNS) appliance protects ...

Stormshield SNS protections for Citrix NetScaler vulnerability (CVE-2025-5777)

2025-07-09

The vulnerability tracked as CVE-2025-5777 impacts Citrix NetScaler. It allows an unauthenticated attacker to read a portion of the appliance memory. The server is vulnerable only if it is configured ...

SES Evolution Protection update 2506a

2025-07-07

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2506a for SES Evolution version 2.7.1.It can be downloaded from your secure area: https://mystormshield.eu/ ...

Stormshield SNS protections for SAP NetWeaver file upload vulnerability (CVE-2025-31324)

2025-04-30

The vulnerability tracked as CVE-2025-31324 impacts SAP NetWeaver. It allows an unauthenticated attacker to bypass upload a file, which can be later used for remote code execution Stormhield Network S...

Stormshield SNS protections for Ivanti Cloud Services appliance (CVE-2024-8190)

2025-04-08

The vulnerability tracked as CVE-2024-8190 impacts Ivanti Cloud Services Appliance. It allows an attacker to remotely inject commands on Ivanti Cloud Services Appliance. Stormhield Network Security (S...

Stormshield SNS protections for Next.js (CVE-2025-29927)

2025-03-26

The vulnerability tracked as CVE-2025-29927 impacts the Next.js middleware. It allows an attacker to bypass auhtorization mechanisms. The following versions are impacted:• >= 11.1.4, <= 13.5.6 â€...

Stormshield SNS protections for Zimbra (CVE-2025-25064)

2025-02-19

The vulnerability tracked as CVE-2025-25064 impacts the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4. It allows an attacker to inject arbitra...

Stormshield SNS protections for Kerberos vulnerability (CVE-2025-21299)

2025-02-13

The vulnerability tracked as CVE-2025-21299 impacts Kerberos. It allows an attacker to retrieve sensitive authentication informations. Stormhield Network Security (SNS) appliance protects you from tha...

Stormshield SNS protections for Microsoft Word vulnerability (CVE-2025-21365)

2025-02-04

The vulnerability tracked as CVE-2025-21365 impacts Microsoft Word. It allows an attacker to achieve RCE. Stormhield Network Security (SNS) appliance protects you from that attack, thanks to dedicated...

Stormshield SNS protections for MapUrlToZone vulnerabilities (CVE-2025-21268, CVE-2025-21269)

2025-02-04

The vulnerabilities tracked as CVE-2025-21268 Microsoft Windows Server. It allows an attacker to bypass the zone identification. Stormhield Network Security (SNS) appliance protects you from those att...

Stormshield SNS protections for Apache Airflow vulnerability (CVE-2024-39877)

2025-01-07

The vulnerability tracked as CVE-2024-39877 impacts Apache Airflow. It allows an attacker to achieve RCE through a Jinja2 template injection. Stormhield Network Security (SNS) appliance protects you f...

Stormshield SNS protections for Internet Explorer XSS vulnerability (CVE-2024-43573)

2024-10-24

The vulnerability tracked as CVE-2024-43573 impacts Internet Explorer. It allows an attacker to achieve XSS attack through a malicious PDF file. Stormhield Network Security (SNS) appliance protects yo...

Stormshield SNS protections for Microsoft MMC vulnerability (CVE-2024-43572)

2024-10-24

The vulnerability tracked as CVE-2024-43572 impacts Microsoft Management Center. It allows an unauthenticated attacker to perform remote code execution through a malicious crafted file. Stormhield Net...

Update on Google Maps application signature

2024-10-22

Google Maps application signatures have been replaced. These signatures have been deleted : Signature ID Name ssl:client:sni.3 Web : Google maps (SSL) tcpudp:hostname.52 Web : Google Maps They have be...

Stormshield SNS protections for Zimbra vulnerability (CVE-2024-45519)

2024-10-22

The vulnerability tracked as CVE-2024-45519 impacts Zimbra. It allows an unauthenticated attacker to perform remote code execution through the postjournal service Stormhield Network Security (SNS) app...

Stormshield SNS protections for Solarwinds Web Help Desk vulnerability (CVE-2024-28987)

2024-10-18

The vulnerability tracked as CVE-2024-28987 impacts Solarwinds Web Help Desk. It allows an unauthenticated user to access internal functionality and modify data. Stormhield Network Security (SNS) appl...

Stormshield SNS protections for Splunk vulnerability (CVE-2024-36991)

2024-08-20

The vulnerability tracked as CVE-2024-36991 impacts Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10. It allows an attacker to edit some files on the server. Stormhield Network Security (SNS)...

Stormshield SNS protections for Zabbix vulnerability (CVE-2024-22116)

2024-08-20

The vulnerability tracked as CVE-2024-22116 impacts Zabbix. It may allow an attacker to achieve remote code execution on a target, through a command injection in the ping script. Stormhield Network Se...

Stormshield SNS protections for Ivanti EPM vulnerability (CVE-2024-29824)

2024-08-09

The vulnerability tracked as CVE-2024-29824 impacts Ivanti EPM. It allows an attacker to achieve remote code execution on a target, through a SQL injection. Stormhield Network Security (SNS) appliance...

SES Evolution Protection update 2407a

2024-08-02

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2407a for SES Evolution version 2.6.1.It can be downloaded from your secure area: https://mystormshield.eu/ ...

Stormshield SNS protections for Outlook vulnerability (CVE-2024-38021)

2024-07-15

The vulnerability tracked as CVE-2024-38021 impacts Microsoft Outlook mail client. It allows an attacker to send a crafted email to its target that contains a malicious Moniker link. The mail client w...

SES Evolution Protection update 2403c

2024-07-05

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2403c for SES Evolution version 2.5.3 or higher.It can be downloaded from your secure area: https://mystorms...

Stormshield SNS protections for Apache HugeGraph vulnerability (CVE-2024-27348)

2024-06-27

The vulnerability tracked as CVE-2024-24919 allows an attacker to achieve remote code execution on Apache HugeGraph server. Stormshield Network Security (SNS) appliance protects you from that attack, ...

Stormshield SNS protections for Checkpoint VPN vulnerability (CVE-2024-24919)

2024-06-27

The vulnerability tracked as CVE-2024-24919 allows an attacker to write a read an arbitrary file on the system and achieve remote code execution. Stormshield Network Security (SNS) appliance protects ...

Stormshield SNS protections for PHP-CGI vulnerability (CVE-2024-4577)

2024-06-11

The vulnerability tracked as CVE-2024-4577 allows an attacker to perform code injection on a Windows server that runs a PHP service. The following versions are impacted: Stormshield Network Security (...

Stormshield SNS protections for TrendNET vulnerabilities (CVE-2024-28353, CVE-2024-28354)

2024-06-04

The vulnerabilities tracked as CVE-2024-28353 and CVE-2024-28354 allow an attacker to perform code injection and obtain root permissions on TrendNET routers This affects TEW-827DRU router with firmwar...

SES Evolution Protection update 2403b

2024-05-29

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2403b for SES Evolution version 2.5.3 or higher.It can be downloaded from your secure area: https://mystorms...

Stormshield SNS protections for Fortra FileCatalyst vulnerability (CVE-2024-25153)

2024-04-25

The vulnerability tracked as CVE-2024-25153 allows an attacker to upload an arbitrary file on the filesystem, and then execute it. This affects Fortra FileCatalyst Workflow 5.x, before 5.1.6 Build 114...

Multiples vulnerabilities in JetBrains TeamCity

2024-04-25

3 critical authentication bypass vulnerability and a medium vulnerability impact the CI/CD tool JetBrains TeamCity. The Stormshield Customer Security Lab recommends activating the protections detailed...

Stormshield SNS protections for Palo Alto GlobalProtect vulnerability (CVE-2024-3400)

2024-04-18

The vulnerability tracked as CVE-2024-3400 allows an unauthenticated attacker to inject commands executed as root on a Palo Alto firewall through the GlobalProtect VPN. The following Pan-OS version ar...

Stormshield SNS protections for D-Link NAS vulnerability (CVE-2024-3273)

2024-04-10

The vulnerability tracked as CVE-2024-3273 allows an unauthenticated attacker to inject commands on the system The following devices are impacted: Stormhield Network Security (SNS) appliance protects ...

Stormshield SNS protections for Fortra GoAnywhere vulnerability (CVE-2024-0204)

2024-04-03

The vulnerability tracked as CVE-2024-0204 impacts Fortra GoAnywhere MFT version prior to 7.4.1. It allows an unauthenticated attacker to create an administrator account on the system. Stormhield Netw...

SES Evolution Protection update 2403a

2024-03-29

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2403a for SES Evolution version 2.5.3.It can be downloaded from your secure area: https://mystormshield.eu/ ...

Stormshield SNS protections for Outlook vulnerability (CVE-2024-21413)

2024-02-28

The vulnerability tracked as CVE-2024-21413 impacts Microsoft Outlook mail client. It allows an attacker to send a crafted email to its target that contains a malicious Moniker link. The mail client w...

Stormshield SNS protections for Apache Struts vulnerability (CVE-2023-50164)

2024-01-29

The vulnerability tracked as CVE-2023-50164 impacts Apache Struts. It allows an attacker to manipulate the files uploading configuration and upload some files using a path traversal. This can be used ...

Stormshield SNS protections for pfSense vulnerability (CVE-2023-42325)

2024-01-29

The vulnerability, tracked as CVE-2023-42325 impacts pfSense appliances. It allows an attacker to perform XSS injection through the WebGUI logs filter service. This can be used for further exploits. S...

Stormshield SNS protections for Zyxel NAS326 vulnerabilities (CVE-2023-4473, CVE-2023-4474)

2024-01-29

The vulnerabilities, tracked as CVE-2023-4473 and CVE-2023-4474 impacts Zyxel NAS326. Together, they allow an unauthenticated attacker to perform a RCE. Stormhield Network Security (SNS) appliance pro...

Updates on Stormshield SNS protections for Log4Shell CVE-2021-44228

2024-01-29

The famous Log4Shell vulnerability known since december 2021 has impacted many Java servers using Log4j services. Since then, many obfuscation techniques were used to avoid detection from IPS inspecti...

Stormshield SNS protections for CVE-2023-46805 and CVE-2024-21887

2024-01-24

The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887 impacts Ivanti Connect Secure. Together, they allow an unauthenticated attacker to perform a RCE. For more details, please see this ar...

Stormshield SNS protection for CVE-2023-7028 (Gitlab)

2024-01-22

The vulnerability, tracked as CVE-2023-7028 impacts Gitlab CE/EE. They allow an unauthenticated attacker to gain access to a user account under some conditions. For more details, please see this artic...

Stormshield SNS protection for CVE-2023-41321 and CVE-2023-41323 (GLPI)

2024-01-02

The vulnerability, tracked as CVE-2023-41321 and CVE-41323 impacts GLPI Web servers. They allow an unauthenticated attacker to get user enumeration and retrieve sensitive information about them. The S...

Stormshield SNS protection for Kamailio code injection

2024-01-02

Kamailio SIP server is vulnerable to code injection through its exec module. Note that this vulnerability wasn’t reported as a CVE yet. The Stormhield Network Security (SNS) appliance protects y...

Stormshield SNS protection for CVE-2023-43121 (EXOS)

2023-12-19

The vulnerability, tracked as CVE-2023-43121 impacts the Chalet application in EXOS. It allows an unauthenticated attacker to read configuration file from the targeted system. The Stormhield Network S...

Stormshield SNS protection for CVE-2023-42793 (JetBrains TeamCity)

2023-12-19

The vulnerability, tracked as CVE-2023-42793 impacts the on-premises version of Jetbrains TeamCity. It allows an unauthenticated attacker with access to a targeted server achieve remote code execution...

Stormshield SNS protection for CVE-2023-49103 (ownCloud)

2023-12-04

ownCloud has a vulnerability through its “graphapi” app (from version 0.2.0 to 0.3.0) that allows an unauthenticated attackers to retrieve many sensitive information from the server. Espec...

Stormshield SNS protection for CVE-2023-20198 (Cisco IOS XE)

2023-12-04

Cisco IOS XE Web UI has a vulnerability that allows a remote attacker to create a local user and password on his target, without authentication. This can be used for further exploitation. The Stormhie...

SES Evolution Protection update 2310c

2023-11-22

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2310c for SES Evolution version 2.4.3.It can be downloaded from your secure area: https://mystormshield.eu/ ...

Stormshield SNS protection for CVE-2023-37580 (XSS in Zimbra webmail)

2023-11-20

Zimbra webmail client has a vulnerability that allow Javascript code to be injected into pages running in authenticated contexts that affect the 8.8.x, 9.0.x and/or 10.0.x release trains. The Stormhie...

SES Evolution Protection update 2310b

2023-11-10

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2310b for SES Evolution version 2.4.3.It can be downloaded from your secure area: https://mystormshield.eu/ ...

Release of protections 2310a for SES Evolution

2023-10-25

The team at Stormshield Endpoint Security is pleased to announce the release of protections 2310a for SES Evolution version 2.4.3.It can be downloaded from your secure area: https://mystormshield.eu/ ...

New category in Applications signatures

2023-09-26

We published 4 new signatures to detect and block uploads to some cloud providers : Id Signature name http:client:header.230 Data Leak Prevention : WeTransfer : File upload via HTTP http:client:header...

Release of protections 2307a for SES Evolution

2023-08-07

The team at Stormshield Endpoint Security is pleased to announce the release of Protection 2307a for SES Evolution starting at version 2.4.3 It can be downloaded from your secure area: https://mystorm...

Update on some application signatures

2023-06-01

The following signatures have been updated: ID Name Details ssl:server:certificate.47 Social networking : Snapchat (SSL) Fixed Blocking and Detection ssl:server:certificate.104 Multimedia: Napster usa...

Stormshield protections for Volt Typhoon campaign

2023-05-25

On 24th May 2023, The United States and international cybersecurity authorities have issued a joint Cybersecurity Advisory. It is related to a massive state-sponsored cyber actor campaign, called Volt...

New Stormshield SNS protection for CVE-2023-4634 (WordPress Media Library Assistant)

2023-05-25

WordPress Media Library Assistant is vulnerable to a file inclusion. It allows unauthenticated users to upload some files. This vulnerability has been rated with a CVSS score of 9,8, which makes it cr...

New Stormshield SNS protection for CVE-2023-27350 (PaperCut NG)

2023-05-23

PaperCut NG is a printing management solution. Some of its version are vulnerable to an authentication bypass. An attacker can leverage this vulnerability to execute arbitrary code in the context of S...

Nevada

2023-03-29

The Nevada ransomware is a new member of the Nokoyawa’s family. It is written in Rust, which make it harder to debug and more easy to compile as a cross-platform binary. The ransomware inspects ...

Dark Power Ransomware rising

2023-03-28

The Dark power ransomware was on the rise in January 2023. The ransomware gang behind the strain is a new threat actor. The ransomware evades detection mechanism by disabling various services from sec...

Update on Google Play application signatures

2023-03-17

The Google Play application signatures identified by the following IDs have been updated : The identification of APIs related to Google Play Store has been improved. That will allow a better protectio...

CVE-2023-23397 (MS Outlook)

2023-03-16

Microsoft Office Outlook contains a critical vulnerability that allows an attacker to redirect the user to a remote SMB share. This will trigger an attempt to authenticate against it, allowing the att...

SkullLocker? Wait a minute, isn’t it a new variant of Chaos Ransomware?

2023-03-16

An attack campaign targeting Windows operating systems has been recently observed, it uses the “SkullLocker” ransomware. SkullLocker is a new variant of the Chaos ransomware family. It spr...

New Stormshield SNS protection against typosquatting of Stormshield website

2023-03-06

A domain-name that impersonates Stormshield identity has been spotted, this domain-name is not affiliated in any way to Stormshield. The Stormshield Customer Security Lab team has deployed a SNS prote...

New Stormshield SNS protection for CVE-2022-39952 (FortiNAC)

2023-02-21

FortiNAC is a solution used for Network Access Control. Some of its version are vulnerable to a unauthenticated file injection, allowing to obtain a reverse shell. The Stormshield Customer Security La...

New Stormshield SNS protection for CVE-2022-36635 (ZK Bio Security)

2023-02-09

ZKSecurity Bio v4.1.3 is a platform of physical security (access control, elevator, guest management, patrol and parking management). This version is vulnerable to a SQL injection, allowing an attacke...

Update on some SNS application detection signatures

2022-12-06

The following signatures have been changed: ID Name Details ssl:server:certificate.2 Gadu Gadu Fixed Blocking and Detection tcpudp:hostname.3 Gadu Gadu Fixed Blocking and Detection ssl:server:certific...