Posts by Ron Bowes

5 min Vulnerability Disclosure

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.

12 min Vulnerability Disclosure

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in specific F5 BIG-IP and BIG-IQ devices in August 2022. Since then, members of our research team have worked with the vendor to discuss impact, resolution, and a coordinated response.

8 min Vulnerability Disclosure

FLEXlm and Citrix ADM Denial of Service Vulnerability

Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and not CVE-2022-27511, which has a different root cause. On June 27, 2022, Citrix released an advisory [https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512] for CVE-2022-27511 [https://nvd.nist.gov/vuln/detail/CVE-2022-27511] and CVE-2022-27512 [https://nvd.nist.gov/vuln/detail/CVE-2022-27512], which affect Citrix ADM (Application Del

3 min Emergent Threat Response

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.

2 min Emergent Threat Response

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.

2 min Emergent Threat Response

Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388

On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.