THIS VULNERABILITY AFFECTS ALL JAVA APPLICATIONS THAT RELY ON FASTJSON: CVE-2022-25845

A patched high-severity security vulnerability in the popular Fastjson library could potentially be exploited to achieve remote code execution. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson vulnerability recently received a CVE identifier – CVE-2022-25845, and a high CVSS...

CRITICAL ATTACK ON ATLASSIAN CONFLUENCE SERVER AND DATA CENTER PRODUCTS: CVE-2022-26134

Adversaries have been actively exploiting a critical Remote Code Execution vulnerability, tracked as CVE-2022-26134, impacting Atlassian Confluence Server and Data Center Products. About CVE-2022-26134: The attack chain involves a command injection vulnerability to achieve unauthenticated Remote Code Execution on the server, allowing the adversaries to get the BEHINDER (a JSP web shell that allows...

ADVERSARIES ARE EXPLOITING CRITICAL F5 BIG-IP RCE

Threat actors started massively exploiting the critical remote code execution vulnerability, tracked as CVE-2022-1388, affecting F5 BIG-IP. On May 4, 2022, F5 released a security advisory for a remote code execution vulnerability in the iControl REST component of its BIG-IP product with a CVSSv3 base score of 9.8. Threat actors can exploit this vulnerability to bypass...

CVE-2022-22954: CRITICAL RCE IN VMWARE WORKSPACE ONE ACCESS AND VMWARE IDENTITY MANAGER

Attackers have begun exploiting CVE-2022-22954, an RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver crypto miners onto vulnerable systems. The software vendor released a security advisory for the vulnerability on April 6, 2022, warning about the possibility of a threat actor with network access triggering a server-side template injection that results...

Spring4Shell: Patched RCE Vulnerability in Spring Core and Spring Cloud Frameworks Finally

Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released. On March 30, 2022, the security community became widely aware of vulnerabilities related to Spring, the popular open-source Java framework. What is Spring4Shell? Spring4Shell is a bug in Spring Core, a popular application...