2 min
Emergent Threat Response
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.
3 min
Emergent Threat Response
Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954
On April 6, 2022, VMware detailed CVE-2022-22954, a critical RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager.
3 min
Emergent Threat Response
Opportunistic Exploitation of WSO2 CVE-2022-29464
On April 18, 2022, MITRE published CVE-2022-29464, an unrestricted file upload vulnerability affecting various WSO2 products.
4 min
Emergent Threat Response
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.
1 min
Emerging Threats
Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems
We have been continuously monitoring for Spring4Shell exploit attempts in our environment, and we will update this page as we learn more.
15 min
Emergent Threat Response
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.
2 min
Emergent Threat Response
CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel
On March 7, 2022, CM4all security researcher Max Kellermann published technical details on CVE-2022-0847, an arbitrary file overwrite vulnerability in versions 5.8+ of the Linux kernel.
1 min
Emerging Threats
Russia/Ukraine Conflict: What Is Rapid7 Doing to Protect My Organization?
Rapid7 is monitoring the escalating conflict in Ukraine. To assist with your preparation and response efforts, Rapid7 is constantly making efforts to better protect our customers.
5 min
Emerging Threats
Staying Secure in a Global Cyber Conflict
Now that Russia has begun its armed invasion of Ukraine, we should expect increasing risks of cybersecurity attacks and incidents, either as spillover from cyberattacks targeting Ukraine or direct attacks against actors supporting Ukraine.
4 min
Emergent Threat Response
Active Exploitation of VMware Horizon Servers
Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.
8 min
InsightVM
Using InsightVM to Find Apache Log4j CVE-2021-44228
How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.
3 min
Emergent Threat Response
Update on Log4Shell’s Impact on Rapid7 Solutions and Systems
Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s log4j Java library (a.k.a. Log4Shell).
7 min
Risk Management
Driver-Based Attacks: Past and Present
In our analysis of CVE-2021-21551, a write-what-where vulnerability in a Dell driver, we found that Dell’s update didn’t fix the write-what-where condition but only limited access to administrative users.
15 min
Emergent Threat Response
Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical RCE vulnerability that is being exploited in the wild.
2 min
Emergent Threat Response
Patch Now: SonicWall Fixes Multiple Vulnerabilities in SMA 100 Devices
On December 7, 2021, SonicWall released a security advisory that includes patching guidance for five vulnerabilities that were discovered by Rapid7.