Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

Confluence Zero-Day (CVE-2022-26134): Atlassian's OGNL Injection Crisis

An unauthenticated RCE zero-day in Confluence Server was being actively exploited before Atlassian even knew about it. The vulnerability affected virtually every on-premise Confluence installation.

Jun 3, 20225 min read
Vulnerability Analysis

Red Hat JBoss Vulnerability Exploitation: The Persistent Threat of Java Middleware

JBoss application servers have been a recurring target for attackers. From deserialization flaws to exposed management interfaces, the middleware layer remains a critical attack surface.

May 22, 20226 min read
Vulnerability Analysis

Zyxel Firewall CVE-2022-30525: Unauthenticated Command Injection in Your Perimeter Defense

CVE-2022-30525 gave attackers unauthenticated OS command injection on Zyxel firewalls. The irony of a firewall being the weakest point in your network security.

May 12, 20226 min read
Vulnerability Analysis

VMware Workspace ONE CVE-2022-22954: Server-Side Template Injection Goes Enterprise

CVE-2022-22954 in VMware Workspace ONE Access allowed unauthenticated RCE via server-side template injection. Attackers used it to deploy cryptominers and backdoors.

Apr 6, 20226 min read
Vulnerability Analysis

Spring4Shell vs Log4Shell: Comparing Two Java Framework Crises

Both scored 9.8 on CVSS. Both affected millions of Java applications. But Log4Shell and Spring4Shell had fundamentally different blast radii. Here's a direct comparison.

Apr 2, 20226 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965): Remote Code Execution in Spring Framework

A critical RCE in Spring Framework sent Java teams scrambling. While less catastrophic than Log4Shell, Spring4Shell exposed dangerous assumptions about ClassLoader access in Java web applications.

Mar 31, 20225 min read
Vulnerability Analysis

Dirty Pipe (CVE-2022-0847): A Deep Dive into the Linux Kernel Vulnerability

Dirty Pipe allowed any local user to overwrite data in read-only files, including SUID binaries, leading to trivial root escalation. The bug was elegant, dangerous, and surprisingly recent.

Mar 7, 20225 min read
Vulnerability Analysis

SAP ICM CVE-2022-22536: ICMAD Vulnerabilities Hit the Heart of Enterprise Software

CVE-2022-22536 scored a perfect CVSS 10.0, allowing unauthenticated request smuggling in SAP's Internet Communication Manager. Tens of thousands of SAP systems were at risk.

Feb 8, 20226 min read
Vulnerability Analysis

Polkit pkexec Privilege Escalation: CVE-2021-4034 (PwnKit)

A 12-year-old memory corruption bug in Polkit's pkexec gave any unprivileged local user instant root access on virtually every major Linux distribution. Here's why it matters.

Jan 28, 20225 min read
Vulnerability Analysis

Detecting Log4Shell in Your Software Supply Chain

Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.

Dec 18, 20216 min read
Vulnerability Analysis

Log4Shell Vulnerability (CVE-2021-44228) Explained

The most critical vulnerability in a decade dropped on a Friday. Log4Shell affects virtually every Java application and is trivial to exploit. Here's what happened.

Dec 13, 20215 min read
Vulnerability Analysis

Grafana CVE-2021-43798: Directory Traversal in Everyone's Favorite Dashboard Tool

CVE-2021-43798 allowed unauthenticated directory traversal in Grafana, exposing configuration files and credentials. Exploitation was trivial and widespread.

Dec 5, 20216 min read
Vulnerability Analysis (Page 47) — Supply Chain Security Blog | Safeguard