5 min
Vulnerability Disclosure
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.
12 min
Vulnerability Disclosure
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
Rapid7 discovered several vulnerabilities and exposures in specific F5 BIG-IP and BIG-IQ devices in August 2022. Since then, members of our research team have worked with the vendor to discuss impact, resolution, and a coordinated response.
8 min
Vulnerability Disclosure
FLEXlm and Citrix ADM Denial of Service Vulnerability
Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and
not CVE-2022-27511, which has a different root cause.
On June 27, 2022, Citrix released an advisory
[https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512]
for CVE-2022-27511 [https://nvd.nist.gov/vuln/detail/CVE-2022-27511] and
CVE-2022-27512 [https://nvd.nist.gov/vuln/detail/CVE-2022-27512], which affect
Citrix ADM (Application Del
3 min
Emergent Threat Response
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.
2 min
Emergent Threat Response
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.
2 min
Emergent Threat Response
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.