3 min
Emergent Threat Response
Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954
On April 6, 2022, VMware detailed CVE-2022-22954, a critical RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager.
3 min
Emergent Threat Response
Opportunistic Exploitation of WSO2 CVE-2022-29464
On April 18, 2022, MITRE published CVE-2022-29464, an unrestricted file upload vulnerability affecting various WSO2 products.
5 min
Vulnerability Management
What's New in InsightVM and Nexpose: Q1 2022 in Review
The product updates our vulnerability management (VM) team has made to InsightVM and Nexpose in the last quarter will empower you to stay in charge — not the vulnerabilities.
4 min
Research
CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)
On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache.
15 min
Emergent Threat Response
Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)
Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework. We will update this blog continually as new information arises on this zero-day vulnerability.
4 min
Research
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report
Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.
6 min
Log4Shell
Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal
On Wednesday, February 16, Rapid7 experts Bob Rudis, Devin Krugly, and Glenn Thorpe sat down for a webinar on the current state of the Log4j vulnerability.
14 min
Research
Dropping Files on a Domain Controller Using CVE-2021-43893
On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting Windows EFS.
10 min
Vulnerability Disclosure
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices.
8 min
InsightVM
Using InsightVM to Find Apache Log4j CVE-2021-44228
How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.
3 min
Emergent Threat Response
Update on Log4Shell’s Impact on Rapid7 Solutions and Systems
Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s log4j Java library (a.k.a. Log4Shell).
7 min
Risk Management
Driver-Based Attacks: Past and Present
In our analysis of CVE-2021-21551, a write-what-where vulnerability in a Dell driver, we found that Dell’s update didn’t fix the write-what-where condition but only limited access to administrative users.
15 min
Emergent Threat Response
Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical RCE vulnerability that is being exploited in the wild.
2 min
Emergent Threat Response
Patch Now: SonicWall Fixes Multiple Vulnerabilities in SMA 100 Devices
On December 7, 2021, SonicWall released a security advisory that includes patching guidance for five vulnerabilities that were discovered by Rapid7.
2 min
Emergent Threat Response
Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution
Zoho customers have had a huge incentive lately to keep their software up to date, as recent Zoho critical vulnerabilities have been weaponized shortly after release by advanced attackers.