2 min
Emergent Threat Response
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.
4 min
Emergent Threat Response
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
Five vulnerabilities affecting Zimbra Collaboration Suite have come to our attention, one that is unpatched and four that are actively being exploited.
2 min
Emergent Threat Response
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
Exploitation is underway CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.
2 min
Emergent Threat Response
Exploitation of Mitel MiVoice Connect SA CVE-2022-29499
Rapid7 MDR analysts have observed a small number of intrusions leveraging CVE-2022-29499, a data validation vulnerability in MiVoice Connect.
1 min
Emergent Threat Response
CVE-2022-27511: Citrix ADM Remote Device Takeover
On Monday, June 14, 2022, Citrix published an advisory on CVE-2022-27511, a critical improper access control vulnerability affecting their ADM product.
11 min
Emergent Threat Response
Active Exploitation of Confluence CVE-2022-26134
On June 2, 2022, Atlassian published an advisory for CVE-2022-26134, a critical unauthenticated RCE vulnerability in Confluence Serve and Data Center.
1 min
Emergent Threat Response
CVE-2022-30190: "Follina" Microsoft Support Diagnostic Tool Vulnerability
On May 30, 2022, Microsoft published an advisory on CVE-2022-30190, an unpatched vulnerability in the Microsoft Support Diagnostic Tool.
2 min
Emergent Threat Response
CVE-2022-22972: Critical Authentication Bypass in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
On May 18, 2022, VMware published an advisory on CVE-2022-22972, a critical authentication bypass affecting multiple solutions.
5 min
Vulnerability Disclosure
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.
2 min
Emergent Threat Response
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.
3 min
Emergent Threat Response
Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954
On April 6, 2022, VMware detailed CVE-2022-22954, a critical RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager.
3 min
Emergent Threat Response
Opportunistic Exploitation of WSO2 CVE-2022-29464
On April 18, 2022, MITRE published CVE-2022-29464, an unrestricted file upload vulnerability affecting various WSO2 products.
4 min
Emergent Threat Response
CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)
On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.
1 min
Emerging Threats
Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems
We have been continuously monitoring for Spring4Shell exploit attempts in our environment, and we will update this page as learn more.
15 min
Emergent Threat Response
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.