Rapid7, Inc.

RPD

US7534221046

Software

Market Closed - Nasdaq Other stock markets 04:00:00 2024-04-26 pm EDT			5-day change	1st Jan Change
45.93 ^USD	+0.17%		+3.66%	-19.56%

02:14pm	Scotiabank Starts Rapid7 With Sector Perform Rating, $46 Price Target	MT
Apr. 10	Rapid7 Insider Sold Shares Worth $1,006,336, According to a Recent SEC Filing	MT

Rapid7 : Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

September 21, 2021 at 04:12 pm EDT

Description

On Tuesday, September 21, 2021, VMware published security advisory VMSA-2021-0020, which includes details on CVE-2021-22005, a critical file upload vulnerability (CVSSv3 9.8) in vCenter Server that allows remote code execution (RCE) on the appliance. Successful exploitation of this vulnerability is achieved simply by uploading a specially crafted file via port 433 "regardless of the configuration settings of vCenter Server."

VMware has published an FAQ outlining the details of this vulnerability and makes it clear that this should be patched "immediately." A workaround is also being provided by VMware - however, its use is not being recommended and should only be used as a temporary solution.

Affected products

vCenter Server versions 6.7 and 7.0
Cloud Foundation (vCenter Server) 3.x, 4.x

Guidance

We echo VMware's advice that impacted servers should be patched right away. While there are currently no reports of exploitation, we expect this to quickly change within days - just as previous critical vCenter vulnerabilities did (CVE-2021-21985, CVE-2021-21972). Additionally, Rapid7 recommends that, as a general practice, network access to critical organizational infrastructure only be allowed via VPN and never open to the public internet.

We will update this post as more information becomes available, such as information on exploitation.

Rapid7 customers

A vulnerability check for CVE-2021-22005 is under development and will be available to InsightVM and Nexpose customers in an upcoming content release pending the QA process.

In the meantime, InsightVM customers can use Query Builder to find assets that have vCenter Server installed by creating the following query: software.descriptioncontainsvCenter Server. Rapid7 Nexpose customers can create a Dynamic Asset Group based on a filtered asset search for Software namecontainsvCenter Server.

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.

Attachments

Original document
Permalink

Disclaimer

Rapid7 Inc. published this content on 21 September 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 21 September 2021 20:11:09 UTC.

Latest news about Rapid7, Inc.

Scotiabank Starts Rapid7 With Sector Perform Rating, $46 Price Target	08:14am	MT
Rapid7 Insider Sold Shares Worth $1,006,336, According to a Recent SEC Filing	Apr. 10	MT
Add a little SaaS to your life	Mar. 14
Transcript : Rapid7, Inc. Presents at Morgan Stanley?s Technology, Media & Telecom Conference 2024, Mar-05-2024 03:35 PM	Mar. 05
Rapid7 Insider Sold Shares Worth $878,388, According to a Recent SEC Filing	Mar. 04	MT
Rapid7's Q4 Non-GAAP Earnings, Revenue Increase	Feb. 08	MT
Transcript : Rapid7, Inc., Q4 2023 Earnings Call, Feb 07, 2024	Feb. 07
(RPD) RAPID7 Forecasts Q1 Revenue Range $203M - $205M	Feb. 07	MT
(RPD) RAPID7 Expects Fiscal Year 2024 Revenue Range $848M - $856M	Feb. 07	MT
(RPD) RAPID7 Forecasts Q1 EPS Range $0.52 - $0.55	Feb. 07	MT
(RPD) RAPID7 Expects Fiscal Year 2024 EPS Range $2.10 - $2.21	Feb. 07	MT
Earnings Flash (RPD) RAPID7 Reports Q4 Revenue $205.3M, vs. Street Est of $201.4M	Feb. 07	MT
Earnings Flash (RPD) RAPID7 Posts Q4 EPS $0.72, vs. Street Est of $0.48	Feb. 07	MT
Rapid7, Inc. Reports Earnings Results for the Fourth Quarter and Full Year Ended December 31, 2023	Feb. 07	CI
Rapid7, Inc. Provides Earnings Guidance for the First Quarter and Full Year of 2024	Feb. 07	CI
Rapid7, Inc. Adds New Managed Digital Risk Protection to Leading MDR Service for 360-Degree Detection and Response	Feb. 06	CI
North American Morning Briefing : Microsoft Kicks -2-	Jan. 30	DJ
UBS Upgrades Rapid7 to Buy From Neutral, Raises Price Target to $70 From $53	Jan. 29	MT
North American Morning Briefing : Focus Fixed on -2-	Jan. 11	DJ
Rapid7, Inc. Appoints Scott Murphy as Senior Vice President, Chief Accounting Officer, Effective on March 4, 2024	Jan. 09	CI
Citigroup Upgrades Rapid7 to Buy From Neutral, Raises Price Target to $65 From $54	Jan. 09	MT
Rapid7 Insider Sold Shares Worth $912,592, According to a Recent SEC Filing	Jan. 05	MT
JPMorgan Adjusts Price Target on Rapid7 to $61 From $52, Maintains Neutral Rating	Dec. 11	MT
Rapid7 Insider Sold Shares Worth $2,024,007, According to a Recent SEC Filing	Nov. 22	MT
Morgan Stanley Adjusts Price Target on Rapid7 to $55 From $52, Maintains Equalweight Rating	Nov. 07	MT

Chart Rapid7, Inc.

Duration

Period

More charts

Company Profile

Rapid7, Inc. is engaged in advancing security with visibility, analytics, and automation delivered through its Insight Platform. Its Insight Platform solutions include incident detection and response, cloud security, vulnerability risk management, application security, threat intelligence and security orchestration and automation response. It offers its Insight Platform solutions as software-as-a-service products, on a subscription basis. It provides cloud products across the main pillars of Security Operations (SecOps), which include InsightIDR, InsightCloudSec, InsightVM, InsightAppSec and InsightConnect. Its other products include Threat Intelligence, Nexpose, AppSpider and Metasploit. Its professional service offerings include Penetration Testing, Cybersecurity Maturity Assessments, Security and Incident Response Program Development Services, Internet of things (IoT) and Internet Embedded Device testing, as well as Threat Modeling, TableTop Exercises and Incident Response services.

Sector

Software

Calendar

2024-05-07 - Q1 2024 Earnings Release

Related indices

Russell 2000

More about the company

Income Statement Evolution

More financial data

Analysis / Opinion

INTERVIEW - Jaya Baloo, Rapid7: Cybersecurity budgets are shrinking, which is a cause for concern

October 06, 2023 at 04:13 pm EDT

More Strategies

Ratings for Rapid7, Inc.

Trading Rating

Investor Rating

ESG Refinitiv

C+

More Ratings

Analysts' Consensus

Sell

Buy

Mean consensus

OUTPERFORM

Number of Analysts

Last Close Price

45.85 USD

Average target price

60.73 USD

Spread / Average Target

+32.46%

Consensus

EPS Revisions

Estimates Revisions

Quarterly earnings - Rate of surprise

Company calendar

Sector Other Software

	1st Jan change	Capi.
RAPID7, INC.	-19.56%	2.86B
SYNOPSYS INC.	+5.58%	80.86B
CADENCE DESIGN SYSTEMS, INC.	+3.69%	75.4B
DASSAULT SYSTÈMES SE	-14.62%	52.54B
ATLASSIAN CORPORATION	-24.56%	51.47B
PALANTIR TECHNOLOGIES INC.	+31.16%	48.04B
THE TRADE DESK, INC.	+17.75%	40.73B
SEA LIMITED	+55.21%	35.61B
TAKE-TWO INTERACTIVE SOFTWARE, INC.	-10.24%	24.47B
ROBLOX CORPORATION	-21.24%	22.73B

Other Software

Rapid7, Inc.

Equities

RPD

US7534221046

Software

Rapid7 : Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)

EPS Revisions