Ron Bowes – Noise

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

Ron Bowes — Mon, 16 Oct 2023 15:00:00 +0000

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

Ron Bowes — Thu, 07 Sep 2023 15:05:00 +0000

In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` on Linux or the `SYSTEM` user on Windows.

Exploitation of Juniper Networks SRX Series and EX Series Devices

Ron Bowes — Thu, 31 Aug 2023 20:23:59 +0000

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Ron Bowes — Thu, 22 Jun 2023 16:16:57 +0000

Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

Ron Bowes — Wed, 29 Mar 2023 15:21:09 +0000

In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix issues and coordinate this disclosure.

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Ron Bowes — Wed, 01 Feb 2023 15:57:57 +0000

Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.

FLEXlm and Citrix ADM Denial of Service Vulnerability

Ron Bowes — Tue, 18 Oct 2022 13:30:00 +0000

On June 27, 2022, Citrix released an advisory for CVE-2022-27511 and CVE-2022-27512, which affect Citrix ADM (Application Delivery Management).

Rapid7 investigated these issues to better understand their impact, and found that the patch is not sufficient to prevent exploitation. We also determined that the worst outcome of this vulnerability is

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

Ron Bowes — Thu, 06 Oct 2022 17:13:34 +0000

CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

Ron Bowes — Tue, 20 Sep 2022 15:14:26 +0000

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.

Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388

Ron Bowes — Mon, 09 May 2022 17:57:00 +0000

On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.