Security event types
created on Mon Dec 13 08:26:36 CET 2021

com.boc.axw.log.security.detectionpoint.EActionDetectionPoint

ADOACTION1  The action type was defined but it is unknown.
ADOACTION2  The servlet cannot handle the action type.
ADOACTION3  Reauthentication is required before executing the action.
ADOACTION4  Problem with the reauthentication of actions was detected.
ADOACTION5  The public action type was marked to be reauthenticated. Since it is public this does not make sense.
ADOACTION6  A parameter is missing.
ADOACTION7  The action type is not accessible to the current user and runmode.

com.boc.axw.log.security.detectionpoint.EAdminDetectionPoint

ADOADMIN1  An admin functionality was triggered although the user does not have admin rights.
ADOADMIN2  Admin run mode requested but not available.
ADOADMIN3  Admin functionality is accessed.
ADOADMIN4  Saving authentication configuration.
ADOADMIN5  Uploading authentication configuration file.
ADOADMIN6  Removing authentication configuration file.
ADOADMIN7  Toggling authentication trace.
ADOADMIN8  Resetting authentication configuration.
ADOADMIN9  Uploading authentication configuration file.

com.boc.commons.log.EAdoDetectionPoint

ADO1  The detection point category is not defined.
ADO10  Inside the same session the source IP changed. This indicates a session hijacking attack.
ADO11  Inside the same session the user agent changed.
ADO12  Mail has been successfully sent.
ADO13  Errors sending mail.
ADO15  An error occurred processing the HTTP request.
ADO16  Unusual amount of requests to log client information on the webserver.
ADO17  Skip logging the event for a specific time because of too many log requests of this security event.
ADO2  Creating a SIP package and providing it to the Client.
ADO3  User requested the SIP package but configuration does not allow it.
ADO4  The cross site request forgery check found an issue.
ADO5  Insecure encryption used.
ADO6  Problems occurred encrypting / decrypting data.
ADO7  Initializing a new trust store.
ADO8  Problems occurred using the trust store.
ADO9  Detected a content security policy violation.

com.boc.axw.log.security.detectionpoint.EAuthenticationDetectionPoint

ADOAUTH1  New user was logged in.
ADOAUTH10  The global limit of login attempts within the configured time was reached.
ADOAUTH11  The user changed his password.
ADOAUTH12  The user changed his password and an error occurred.
ADOAUTH13  Tried to use the system user for login in an illegal manner.
ADOAUTH14  Tried to use the technical user for login in an illegal manner.
ADOAUTH15  Authentication method not allowed for the specified user.
ADOAUTH16  A user has requested a password reset.
ADOAUTH17  A password reset mail was sent.
ADOAUTH18  A user has clicked the password reset link.
ADOAUTH19  Password reset was done.
ADOAUTH2  A problem with the login was detected. E.g. wrong password / username.
ADOAUTH20  Password reset link is valid.
ADOAUTH21  Resetting the password failed because the token was invalid or not available anymore.
ADOAUTH22  Requesting to reset the password failed because the passed user data was invalid.
ADOAUTH23  The configured brute force threshold was reached for resetting the password.
ADOAUTH24  Concurrent sessions of user invalidated due to password reset.
ADOAUTH25  Password Reset Request IP triggered for Admin/Technical user.
ADOAUTH26  Password Reset validation request.
ADOAUTH27  Password Reset action triggered while feature is disabled.
ADOAUTH28  Invalid URL used for OAuth2 client redirect.
ADOAUTH29  The configured brute force threshold was reached for REST requests by the current IP.
ADOAUTH3  Login was not possible - the access was denied.
ADOAUTH4  A user was logged out.
ADOAUTH5  General authentication information.
ADOAUTH6  In order to access the functionality the user needs to be logged in.
ADOAUTH7  Session was invalidated because session restriction is active and another session for the same user is now active.
ADOAUTH8  New user could not log in since there is no licence available.
ADOAUTH9  The limit of login attempts within the configured time for a single user was reached.

com.boc.axw.log.security.detectionpoint.EBrokerEventDetectionPoint

ADOBROKER1  Illegal attempt to publish a message over a channel where this is forbidden.

com.boc.axw.log.security.detectionpoint.EDebugDetectionPoint

ADODEBUG1  The debug mode has been initialized.
ADODEBUG2  The production debug mode has been changed.
ADODEBUG3  The session debug mode has been changed.
ADODEBUG4  A debug function has been invoked, but the required debug mode is not active.
ADODEBUG5  A debug function has been executed.
ADODEBUG6  The developer debug mode has been activated.
ADODEBUG7  The developer debug mode has been deactivated.

com.boc.axw.log.security.detectionpoint.EDoSDetectionPoint

ADODOS1  Too many automatic translations were triggered by one user per hour.

com.boc.axw.log.security.detectionpoint.EFileDetectionPoint

ADOFILE1  File size limit is reached.
ADOFILE10  A resource with invalid name and parameters was requested. This can indicate a fuzzing attempt.
ADOFILE11  Tried to access a file that is in a directory that is not allowed to be accessed.
ADOFILE2  Uploading a file.
ADOFILE3  Upload was requested but the AServer method to store the file does not exist or is wrongly configured.
ADOFILE4  Unknown or missing DCF file handler.
ADOFILE5  Missing configuration or error triggering the DCF file handler.
ADOFILE6  A file cannot be delivered to the client because it is unknown to the server.
ADOFILE7  A virus scanner has blocked the upload of a file.
ADOFILE9  Null byte injection detected.

com.boc.axw.log.security.detectionpoint.EGenericDetectionPoint

ASERVER1  Generic security event on the application server.
COOKIE1  Cookies are forced to SameSite=None & Secure (if possible) by configuration.

com.boc.axw.component.graphrep.domain.EGraphRepSecurityDetectionPoint

GRAPHREP1  A Java Reflection method was used inside the GraphRep context in order to escape the sandbox restrictions.
GRAPHREP2  A Java class was accessed inside the GraphRep script execution which is not supported for this.
GRAPHREP3  An image render instruction was added outside of the main rendering use case (e.g. via overlays) that tries to use the HTML in SVG embedding method. To stop any possible injection attacks from the very beginning this is currently not allowed.

com.boc.axw.log.security.detectionpoint.EJWTDetectionPoint

ADOJWT1  An OAuth 2 endpoint request was performed via insecure HTTP instead of HTTPS.
ADOJWT2  A request was blocked due to brute force protection (IP based).
ADOJWT3  The passed JWT could not be parsed.
ADOJWT4  The passed JWT is invalid.

com.boc.axw.component.ldap.ELDAPDetectionPoint

LDAP1  Illegal access to LDAP functionality.
LDAP2  Cannot execute LDAP action since no user is logged in.
LDAP3  Invalid query parameter(s) have been passed.
LDAP4  The user is not known to the directory.
LDAP5  A problem with the LDAP login was detected. E.g. wrong password / username.
LDAP6  Access to LDAP functionality not possible (feature not enabled or invalid configuration).

com.boc.commons.mail.EMailDetectionPoint

MAIL01  An e-mail was sent to more recipients than allowed according to the configuration.
MAIL02  The number of e-mails attempted to be sent was higher than allowed by the configuration.
MAIL03  An e-mail was attempted to be sent to a recipient that is not in the configured trusted domains.
MAIL04  An e-mail was attempted to be sent that was larger than the allowed configured size.
MAIL05  An e-mail was successfully sent.
MAIL06  An e-mail could not be sent because the authentication to the mail-server failed.

com.boc.axw.log.security.detectionpoint.EMaintenanceDetectionPoint

ADOMAINTENANCE1  The maintenance mode was enabled.
ADOMAINTENANCE2  The maintenance mode was disabled.

com.boc.axw.log.security.detectionpoint.EOAuth2DetectionPoint

ADOOAUTH1  An OAuth 2 endpoint request was performed via insecure HTTP instead of HTTPS.
ADOOAUTH2  An authentication code was misused (expired or used multiple times).
ADOOAUTH3  A request was blocked due to brute force protection (IP based).
ADOOAUTH4  A request was made passing no scope or an invalid scope.
ADOOAUTH5  A request was made originating from an IP that does not comply with the configured constraints.

com.boc.axw.component.auth.connector.oidc.EOIDCDetectionPoint

OIDC1  The state value was changed.

com.boc.axw.log.security.detectionpoint.ERESTDetectionPoint

ADOREST1  The REST authorization was skipped.
ADOREST2  The REST authorization failed.
ADOREST3  A replay attack was detected in a REST call.
ADOREST4  A new trusted user was added.
ADOREST5  A parameter is missing.
ADOREST6  A REST parameter has the wrong type.
ADOREST7  The trusted user configuration is lacking information.
ADOREST8  An endpoint requires authorization but the server uses insecure HTTP and not HTTPS.

com.boc.axw.component.view.render.ERenderSecurityDetectionPoint

RENDER1  The HTML frame to embed formatted text was altered to an unknown, not accepted state.

com.boc.axw.component.auth.connector.saml.ESAMLDetectionPoint

SAML1  Assertion decryption should be used but there are configuration issues.
SAML2  SAML response does not contain the login claim.
SAML3  The signature of the context could not be validated against the identity provider.
SAML4  The SAML context could not be created.

com.boc.axw.security.upload.ESVGUploadDetectionPoint

SVGUP1  The SVG is invalid - this can indicate a broken SVG or a malicious attempt.
SVGUP2  The SVG contains so many entity references that it was declared to be an XML bomb to cause a DoS attack.
SVGUP3  The SVG contains unusual tags that are not necessarily needed for visualization but that are used in simple SVG attacks.
SVGUP4  The SVG contains nested references in a way that causes a denial of service.

com.boc.axw.log.security.detectionpoint.EWebmethodDetectionPoint

ADOWM1  User requested to load an unknown webmethod.
ADOWM2  A technical webmethod was triggered but with a non-technical user.
ADOWM3  A technical webmethod was triggered but no technical user is configured.
ADOWM4  A repository specific webmethod was triggered internally.
ADOWM5  An MFB triggered a webmethod execution using the system user.
ADOWM6  A webmethod was triggered in a chained manner but the webmethod does not allow to be called in a chain.
ADOWM7  An internal webmethod was triggered in a way that is not allowed.