5 min
Cybersecurity
Fortinet FortiWeb OS Command Injection
An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.
13 min
Vulnerability Disclosure
Multiple Open Source Web App Vulnerabilities Fixed
While it's never great to learn of new vulnerabilities in your own product, all three project maintainers accepted, validated, and provided fixes for these vulnerabilities within one day, which is amazing when it comes to vulnerability disclosure.
8 min
Vulnerability Disclosure
CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities
Four vulnerabilities involving Sage X3 were identified by Rapid7 researchers.
2 min
Detection and Response
CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential
The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.
2 min
Research
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard
Rapid7 just released the third in our Industry Cyber-Exposure Report (ICER) series. We've slimmed down our research and reporting style, and this series focuses on five areas we believe that CISOs at mega-corporations actually have a shot at accomplishing.
8 min
Vulnerability Disclosure
Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)
Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.
4 min
Vulnerability Disclosure
CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities
Discovered by Rapid7 researcher William Vu, Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from 2 restricted-shell escape vulnerabilities.
6 min
CISOs
Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500
We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.
8 min
ICER Reports
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.
6 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500
Complexity is the enemy of successful security outcomes. To get a feel for how well-resourced organizations perform in this area, we looked at 3 factors.
1 min
ICER Reports
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200
Today, we are excited to release the third report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in Australia’s ASX 200.
4 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here.
4 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Email Security Among the Fortune 500
We all know and love—or at least begrudgingly rely upon—email. It is a pillar of modern communications, but is unfortunately also highly susceptible to being leveraged as a mechanism for malicious actions, such as spoofing or phishing.
1 min
Research
Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350
We are excited to release the second report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350.
3 min
Vulnerability Disclosure
CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)
Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.