Arctic Wolf Presents
The Most Exploited Vulnerabilities of 2021
According to the National Vulnerability Database (NVD), there were more than 20,100 vulnerabilities published in 2021. Join us as we explore the 28 most high-profile vulnerabilities – and what makes them so dangerous.
2021 was another record-breaking year for vulnerabilities.
If tools alone were enough to solve the problem, they would have by now. Unfortunately, most organizations aren’t properly staffed or trained to make use of the tools they already have, which means vulnerabilities can end up going ignored. It doesn’t have to be this way.
Learn how the Arctic Wolf® Security Operations Cloud and 24×7 Concierge Security® solutions ensure you’re always ready to fight back against cyberattacks.

CVE ID Number: CVE-2021-1647
CVSS V3 Score: 7.8
NVD Risk Rating: High
Published Date: 1/12/21
Last Modified: 1/14/21
Vulnerability Name: Microsoft Defender RCE
A Microsoft Defender remote code execution vulnerability.
Product: Microsoft Defender
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-1675
CVSS V3 Score: 8.8
NVD Risk Rating: High
Published Date: 6/8/21
Last Modified: 7/7/21
Vulnerability Name: Microsoft Print Spooler Remote Code Execution
A Windows print spooler elevation of privilege vulnerability.
Product: Windows Print Spooler
Type: Elevated Privileges
Vendor: Microsoft

CVE ID Number: CVE-2021-21224
CVSS V3 Score: 8.8
NVD Risk Rating: High
Published Date: 4/26/21
Last Modified: 6/1/21
Vulnerability Name: Chromium V8 JavaScript Engine Remote Code Execution
Type confusion in V8 of Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Product: Chromium V8
Type: Arbitrary Code Execution (ACE)
Vendor: Google

CVE ID Number: CVE-2021-21985
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 5/26/21
Last Modified: 9/14/21
Vulnerability Name: VMware vCenter Server Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. A malicious actor with network access to port 443 could exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Product: vCenter Server
Type: Remote Code Execution (RCE)
Vendor: VMware

CVE ID Number: CVE-2021-22005
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 9/23/21
Last Modified: 11/30/21
Vulnerability Name: VMware vCenter Server File Upload
A VMware vCenter Server file upload vulnerability in the vmware-analytics service allows attackers to execute code on vCenter Server.
Product: vCenter Server
Type: Remote Code Execution (RCE), Arbitrary File Upload
Vendor: VMware

CVE ID Number: CVE-2021-22893
CVSS V3 Score: 10.0
NVD Risk Rating: Critical
Published Date: 4/23/21
Last Modified: 4/28/21
Vulnerability Name: Pulse Connect Secure (PCS) Remote Code Execution
An authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.
Product: Pulse Connect Secure
Type: Remote Code Execution (RCE) for Bypass, Arbitrary Code Execution (ACE) for Bypass
Vendor: Pulse

CVE ID Number: CVE-2021-26084
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 8/30/21
Last Modified: 12/13/21
Vulnerability Name: Atlassian Confluence Server < 6.13.23, 6.14.0 - 7.12.5 Arbitrary Code Execution
An Atlassian Confluence server vulnerability. The affected versions contain an OGNL injection vulnerability which allows an attacker to execute arbitrary code.
Product: Confluence Server
Type: Arbitrary Code Execution (ACE)
Vendor: Atlassian

CVE ID Number: CVE-2021-26855
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 3/2/21
Last Modified: 5/21/21
Vulnerability Name: Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
Product: Microsoft Exchange Server
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-26857
CVSS V3 Score: 7.8
NVD Risk Rating: High
Published Date: 3/2/21
Last Modified: 3/8/21
Vulnerability Name: Microsoft Unified Messaging Deserialization Vulnerability
A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
Product: Microsoft Exchange Server
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-26858
CVSS V3 Score: 7.8
NVD Risk Rating: High
Published Date: 3/2/21
Last Modified: 3/8/21
Vulnerability Name: Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.
Product: Microsoft Exchange Server
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-27065
CVSS V3 Score: 7.8
NVD Risk Rating: High
Published Date: 3/2/21
Last Modified: 5/21/21
Vulnerability Name: Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.
Product: Microsoft Exchange Server
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-31207
CVSS V3 Score: 7.2
NVD Risk Rating: High
Published Date: 5/11/21
Last Modified: 9/21/21
Vulnerability Name: Microsoft Exchange Server Security Feature Bypass Vulnerability
A Microsoft Exchange Server security feature bypass vulnerability.
Product: Microsoft Exchange Server
Type: Security Feature Bypass
Vendor: Microsoft

CVE ID Number: CVE-2021-31956
CVSS V3 Score: 7.8
NVD Risk Rating: High
Published Date: 6/8/21
Last Modified: 6/14/21
Vulnerability Name: Microsoft Windows NTFS Elevation of Privilege Vulnerability
A Windows NTFS elevation of privilege vulnerability.
Product: Windows NTFS
Type: Elevated Privileges
Vendor: Microsoft

CVE ID Number: CVE-2021-33766
CVSS V3 Score: 7.5
NVD Risk Rating: High
Published Date: 7/14/21
Last Modified: 7/16/21
Vulnerability Name: Microsoft Exchange Server Information Disclosure
Microsoft Exchange Servers contain an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from a target.
Product: Exchange Servers
Type: Improper Authentication
Vendor: Microsoft

CVE ID Number: CVE-2021-34473
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 7/14/21
Last Modified: 9/21/21
Vulnerability Name: Microsoft Exchange Server Remote Code Execution Vulnerability
A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
Product: Microsoft Exchange Server
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-34523
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 7/14/21
Last Modified: 9/21/21
Vulnerability Name: Microsoft Exchange Server Elevation of Privilege Vulnerability
A Microsoft Exchange Server elevation of privilege vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.
Product: Microsoft Exchange Server
Type: Elevated Privileges
Vendor: Microsoft

CVE ID Number: CVE-2021-34527
CVSS V3 Score: 8.8
NVD Risk Rating: High
Published Date: 7/2/21
Last Modified: 9/20/21
Vulnerability Name: "PrintNightmare" - Microsoft Windows Print Spooler Remote Code Execution Vulnerability
A Windows print spooler remote code execution vulnerability.
Product: Windows
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-36942
CVSS V3 Score: 5.3
NVD Risk Rating: Medium
Published Date: 8/12/21
Last Modified: 10/6/21
Vulnerability Name: Microsoft LSA Spoofing
A Windows Local Security Authority (LSA) spoofing vulnerability, known as "PetitPotam".
Product: Windows Local Security Authority (LSA)
Type: Authentication Bypass by Spoofing
Vendor: Microsoft

CVE ID Number: CVE-2021-38647
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 9/15/21
Last Modified: 11/3/21
Vulnerability Name: Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution
An Azure open management infrastructure remote code execution vulnerability.
Product: Microsoft Azure Open Management Infrastructure (OMI)
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-40444
CVSS V3 Score: 7.8
NVD Risk Rating: High
Published Date: 9/15/21
Last Modified: 12/15/21
Vulnerability Name: Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution
A Microsoft MSHTML remote code execution vulnerability.
Product: Microsoft MSHTML
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-40539
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 9/7/21
Last Modified: 11/29/21
Vulnerability Name: Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass
Zoho ManageEngine ADSelfService Plus versions 6113 and earlier contain an authentication bypass vulnerability which allows for RCE.
Product: ManageEngine ADSelfService Plus
Type: Remote Code Execution (RCE) for Bypass, Arbitrary Code Execution (ACE) for Bypass
Vendor: Zoho

CVE ID Number: CVE-2021-41773
CVSS V3 Score: 7.5
NVD Risk Rating: High
Published Date: 10/5/21
Last Modified: 2/7/22
Vulnerability Name: Apache HTTP Server Path Traversal Vulnerability
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete; see CVE-2021-42013.
Product: HTTP Server
Type: Remote Code Execution (RCE), Directory Traversal
Vendor: Apache

CVE ID Number: CVE-2021-42013
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 10/7/21
Last Modified: 2/7/22
Vulnerability Name: Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal
Apache HTTP server vulnerabilities allow an attacker to use a path traversal attack to map URLs to files outside the expected document root and perform RCE.
Product: HTTP Server
Type: Remote Code Execution (RCE), Directory Traversal
Vendor: Apache

CVE ID Number: CVE-2021-42292
CVSS V3 Score: 7.8
NVD Risk Rating: High
Published Date: 11/9/21
Last Modified: 11/10/21
Vulnerability Name: Microsoft Excel Security Feature Bypass
A security feature bypass vulnerability in Microsoft Excel can allow a local user to perform arbitrary code execution.
Product: Office
Type: Arbitrary Code Execution (ACE) for Bypass
Vendor: Microsoft

CVE ID Number: CVE-2021-42321
CVSS V3 Score: 8.8
NVD Risk Rating: High
Published Date: 11/9/21
Last Modified: 11/10/21
Vulnerability Name: Microsoft Exchange Server Remote Code Execution
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Product: Exchange
Type: Remote Code Execution (RCE)
Vendor: Microsoft

CVE ID Number: CVE-2021-44077
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 11/28/21
Last Modified: 12/28/21
Vulnerability Name: Zoho ManageEngine ServiceDesk Plus Remote Code Execution
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to an unauthenticated remote code execution.
Product: ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus
Type: Remote Code Execution (RCE)
Vendor: Zoho

CVE ID Number: CVE-2021-44228
CVSS V3 Score: 10.0
NVD Risk Rating: Critical
Published Date: 12/10/21
Last Modified: 2/7/22
Vulnerability Name: Apache Log4j2 Remote Code Execution
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
Product: Log4j2
Type: Remote Code Execution (RCE)
Vendor: Apache

CVE ID Number: CVE-2021-44515
CVSS V3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 12/12/21
Last Modified: 12/16/21
Vulnerability Name: Zoho Corp. Desktop Central Authentication Bypass Vulnerability
Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
Product: Desktop Central
Type: Exec code bypass
Vendor: Zoho Corporation