2 min
Emergent Threat Response
CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability,
this blog post will evolve, too.
Rapid7 is responding to various compromises arising from the exploitation of
CVE-2022-21587 [https://nvd.nist.gov/vuln/detail/CVE-2022-21587], a critical
arbitrary file upload vulnerability (rated 9.8 on the CVSS v3 risk metric)
impacting Oracle E-Business Suite (EBS). Oracle published a Critical Patch
Update Advisory [https://www.oracle.com/security-alerts/cpuoct2022.html] in
Octob
7 min
Emergent Threat Response
CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability
Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a vulnerability impacting at least 24 ManageEngine products.
2 min
Emergent Threat Response
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE
Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.
1 min
Emergent Threat Response
CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability
On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability.
2 min
Emergent Threat Response
CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported
Today FortiGuard Labs published advisory FG-IR-22-398 regarding a “heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN. FortiGuard Labs has confirmed at least one instance of the vulnerability being exploited in the wild.
2 min
Emergent Threat Response
CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies
On October 3, 2022, Fortinet released an update that indicates then-current versions of FortiOS and FortiProxy are vulnerable to CVE-2022-40684.
2 min
Emergent Threat Response
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
Exploitation is underway CVE-2022-26138, one of a trio of critical Atlassian vulnerabilities affecting the company's on-premises products.
4 min
Emergent Threat Response
Active Exploitation of VMware Horizon Servers
Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.
2 min
Emergent Threat Response
Patch Now: SonicWall Fixes Multiple Vulnerabilities in SMA 100 Devices
On December 7, 2021, Sonicwall released a security advisory that includes patching guidance for five vulnerabilities that were discovered by Rapid7.
2 min
Emergent Threat Response
Oh No, Zoho: Active Exploitation of CVE-2021-44077 Allowing Unauthenticated Remote Code Execution
Zoho customers have had a huge incentive lately to keep their software up to date, as recent Zoho critical vulnerabilities have been weaponized shortly after release by advanced attackers.
2 min
Emergent Threat Response
Ongoing Exploitation of Windows Installer CVE-2021-41379
On November 22, 2021, security researcher Abdelhamid Naceri found that Microsoft's initial patch for CVE-2021-41379 did not remediate the vulnerability.
2 min
Emergent Threat Response
NPM Library (ua-parser-js) Hijacked: What You Need to Know
For approximately 4 hours on Friday, October 22, 2021, the widely used NPM package ua-parser-js was embedded with a malicious script.
2 min
Emergent Threat Response
Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)
On Tuesday, September 21, 2021, VMware published details on a critical file upload vulnerability in vCenter Server.
7 min
Emergent Threat Response
Popular Attack Surfaces, August 2021: What You Need to Know
Here’s the specific attack surface area and a few of the exploit chains we’re keeping our eye on right now.