Multiple Vulnerabilities in ResourceSpace

A few months ago, while scanning the external attack surface of one of our clients, our autonomous pentesting product NodeZero identified an instance of an application called ResourceSpace exposed to the Internet. ResourceSpace is a digital asset management tool that...

CVE-2021-27927: CSRF to RCE Chain in Zabbix

Summary Zabbix is an enterprise IT network and application monitoring solution. In a routine review of its source code, we discovered a CSRF (cross-site request forgery) vulnerability in the authentication component of the Zabbix UI. Using this vulnerability, an...