Posts tagged Vulnerability Disclosure

CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]

Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.

7 min Vulnerability Disclosure

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.

22 min Vulnerability Disclosure

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.

4 min Vulnerability Disclosure

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

A vulnerability in Raptor Technology Volunteer Management for Schools is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.

33 min Vulnerability Disclosure

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix issues and coordinate this disclosure.

7 min Vulnerability Disclosure

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Rapid7 has discovered three security concerns in CloudPanel from MGT-COMMERCE, a self-hosted web administration solution.

4 min Vulnerability Disclosure

Microsoft Defender for Cloud Management Port Exposure Confusion

Microsoft Defender for Cloud, until recently, didn't distinguish "0.0.0.0/0" as a synonym for "any" when checking for management port exposures for Azure instances.

13 min Vulnerability Disclosure

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

Rapid7 has discovered, and is now disclosing, eight XSS issues affecting four on-premises document management systems. As of this disclosure, none have patches available.

5 min Vulnerability Disclosure

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.

5 min Vulnerability Disclosure

Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy

Rapid7 has updated its coordinated vulnerability disclosure (CVD) policy and philosophy. In this article, you'll learn what prompted the changes.

4 min Vulnerability Disclosure

Cengage LTI Session Management Leakage

Cengage, an education technology provider in use in many higher education environments primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration (LTI) pipeline.

3 min Vulnerability Disclosure

CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)

Nexpose version 6.6.172 fixes an issue with how Nexpose validates update packages, CVE-2022-4261.

12 min Vulnerability Disclosure

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in specific F5 BIG-IP and BIG-IQ devices in August 2022. Since then, members of our research team have worked with the vendor to discuss impact, resolution, and a coordinated response.

8 min Vulnerability Disclosure

FLEXlm and Citrix ADM Denial of Service Vulnerability

Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and not CVE-2022-27511, which has a different root cause. On June 27, 2022, Citrix released an advisory [https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512] for CVE-2022-27511 [https://nvd.nist.gov/vuln/detail/CVE-2022-27511] and CVE-2022-27512 [https://nvd.nist.gov/vuln/detail/CVE-2022-27512], which affect Citrix ADM (Application Del

7 min Vulnerability Disclosure

Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)

Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.

Posts tagged Vulnerability Disclosure

CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Microsoft Defender for Cloud Management Port Exposure Confusion

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy

Cengage LTI Session Management Leakage

CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

FLEXlm and Citrix ADM Denial of Service Vulnerability

Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)

Popular Topics

Tags

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.