Posts tagged Vulnerability Management

8 min Vulnerability Disclosure

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure

Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.

5 min Vulnerability Management

Patch Tuesday - June 2021

It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation (CVE-2021-31955 [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31955], CVE-2021-31956 [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31956], CVE-2021-33739 [https://msrc.microsoft.com/updat

4 min Vulnerability Disclosure

CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities

Discovered by Rapid7 researcher William Vu, Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from 2 restricted-shell escape vulnerabilities.

2 min Emergent Threat Response

CVE-2021-21985: What you need to know about the latest critical vCenter Server vulnerability

On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010 [https://www.vmware.com/security/advisories/VMSA-2021-0010.html], which includes details on CVE-2021-21985, a critical remote code execution vulnerability in the vSphere Client (HTML5) component of vCenter Server (6.5, 6.7, and 7.0) and VMware Cloud Foundation (3.x and 4.x). The vulnerability arises from lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Succe

8 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500

Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.

5 min Patch Tuesday

Patch Tuesday - May 2021

Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of them being scored as critical. Let's dive into the details. HTTP Protocol Stack Remote Code Execution Vulnerability - CVE-2021-31166 [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-

6 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500

Complexity is the enemy to successful security outcomes. To get a feel for how well-resourced organizations perform in this area, we looked at 3 factors.

3 min InsightVM

What’s New in InsightVM: Q1 2021 in Review

Here now is a rundown of new features and functionality launched in Q1 2021 for InsightVM and Insight Cloud. We hope you can begin to leverage these changes to drive success across your organization.

3 min Kubernetes

Rapid7 Announces Kubernetes Integration General Availability in InsightVM

Rapid7 is excited to announce the general availability of our Kubernetes integration in InsightVM, our vulnerability management tool.

2 min News

Codecov Discloses Supply Chain Compromise

On April 15, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization.

2 min Vulnerability Management

Rapid7 Announces General Availability for Scoped Executive Summary Report in InsightVM

InsightVM’s Executive Summary Report has proved to be a powerful tool, and we’re excited to announce that it just got better.

9 min Patch Tuesday

Patch Tuesday - April 2021

Patch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month with more than half of them affecting all versions of Windows, with about half of them being remote code execution bugs, and about a fifth of them being rated as critical by Microsoft. Let's dive in! New Exchange Server Patches Available If you were only going to patch one thing today, please let it be this. Exchange Server has been a hot topic since the vulnerabilities

3 min Vulnerability Disclosure

CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)

Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS.

2 min Emergent Threat Response

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

SolarWinds released fixes for 4 new vulnerabilities in their Orion platform, the most severe of which is an authenticated RCE flaw due to a JSON deserialization weakness.

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."