The Most Exploited Vulnerabilities of 2021

Arctic Wolf Presents

According to the National Vulnerability Database (NVD), there were more than 20,100 vulnerabilities published in 2021. Join us as we explore the 28 most high-profile vulnerabilities – and what makes them so dangerous.

2021 was another record-breaking year for vulnerabilities.

If tools alone were enough to solve the problem, they would have by now. Unfortunately, most organizations aren’t properly staffed or trained to make use of the tools they already have, which means vulnerabilities can end up going ignored. It doesn’t have to be this way.
Learn how the Arctic Wolf® Security Operations Cloud and 24×7 Concierge Security® solutions ensure you’re always ready to fight back against cyberattacks.

CVE ID Number

CVE-2021-1647

7.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Defender RCE

A Microsoft Defender remote code execution vulnerability.

Product Microsoft Defender

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-1675

8.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Print Spooler Remote Code Execution

A Windows print spooler elevation of privilege vulnerability.

Product Windows Print Spooler

Type Elevated Privileges

Vendor Microsoft

CVE ID Number

CVE-2021-21224

8.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Chromium V8 JavaScript Engine Remote Code Execution

Type confusion in V8 of Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Product Chromium V8

Type Arbitrary Code Execution (ACE)

Vendor Google

CVE ID Number

CVE-2021-21985

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME VMware vCenter Server Remote Code Execution

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. A malicious actor with network access to port 443 could exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Product vCenter Server

Type Remote Code Execution (RCE)

Vendor VMware

CVE ID Number

CVE-2021-22005

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME VMware vCenter Server File Upload

A VMware vCenter Server file upload vulnerability in the vmware-analytics service allows attackers to execute code on vCenter Server.

Product vCenter Server

Type Remote Code Execution (RCE), Arbitrary File Upload

Vendor VMware

CVE ID Number

CVE-2021-22893

10.0 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Pulse Connect Secure (PCS) Remote Code Execution

An authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.

Product Pulse Connect Secure

Type Remote Code Execution (RCE) for Bypass, Arbitrary Code Execution (ACE) for Bypass

Vendor Pulse

CVE ID Number

CVE-2021-26084

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Atlassian Confluence Server < 6.13.23, 6.14.0 - 7.12.5 Arbitrary Code Execution

An Atlassian Confluence server vulnerability. The affected versions contain an OGNL injection vulnerability which allows an attacker to execute arbitrary code.

Product Confluence Server

Type Arbitrary Code Execution (ACE)

Vendor Atlassian

CVE ID Number

CVE-2021-26855

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Microsoft OWA Exchange Control Panel (ECP) Exploit Chain

A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

Product Microsoft Exchange Server

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-26857

7.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Unified Messaging Deserialization Vulnerability

A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

Product Microsoft Exchange Server

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-26858

7.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft OWA Exchange Control Panel (ECP) Exploit Chain

A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.

Product Microsoft Exchange Server

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-27065

7.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft OWA Exchange Control Panel (ECP) Exploit Chain

Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.

Product Microsoft Exchange Server

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-31207

7.2 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Exchange Server Security Feature Bypass Vulnerability

A Microsoft Exchange Server security feature bypass vulnerability.

Product Microsoft Exchange Server

Type Security Feature Bypass

Vendor Microsoft

CVE ID Number

CVE-2021-31956

7.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Windows NTFS Elevation of Privilege Vulnerability

A Windows NTFS elevation of privilege vulnerability.

Product Windows NTFS

Type Elevated Privileges

Vendor Microsoft

CVE ID Number

CVE-2021-33766

7.5 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Exchange Server Information Disclosure

Microsoft Exchange Servers contain an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from a target.

Product Exchange Servers

Type Improper Authentication

Vendor Microsoft

CVE ID Number

CVE-2021-34473

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Microsoft Exchange Server Remote Code Execution Vulnerability

A Microsoft Exchange Server remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

Product Microsoft Exchange Server

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-34523

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Microsoft Exchange Server Elevation of Privilege Vulnerability

A Microsoft Exchange Server elevation of privilege vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.

Product Microsoft Exchange Server

Type Elevated Privileges

Vendor Microsoft

CVE ID Number

CVE-2021-34527

8.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME "PrintNightmare" - Microsoft Windows Print Spooler Remote Code Execution Vulnerability

A Windows print spooler remote code execution vulnerability.

Product Windows

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-36942

5.3 CVSS V3 SCORE

Medium NVD Risk Rating

Vulnerability NAME Microsoft LSA Spoofing

A Windows Local Security Authority (LSA) spoofing vulnerability, known as "PetitPotam".

Product Windows Local Security Authority (LSA)

Type Authentication Bypass by Spoofing

Vendor Microsoft

CVE ID Number

CVE-2021-38647

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution

An Azure Open Management Infrastructure (OMI) remote code execution vulnerability.

Product Microsoft Azure Open Management Infrastructure (OMI)

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-40444

7.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution

A Microsoft MSHTML remote code execution vulnerability.

Product Microsoft MSHTML

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-40539

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass

Zoho ManageEngine ADSelfService Plus versions 6113 and earlier contain an authentication bypass vulnerability which allows for RCE.

Product ManageEngine ADSelfService Plus

Type Remote Code Execution (RCE) for Bypass, Arbitrary Code Execution (ACE) for Bypass

Vendor Zoho

CVE ID Number

CVE-2021-41773

7.5 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Apache HTTP Server Path Traversal Vulnerability

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete; see CVE-2021-42013.

Product HTTP Server

Type Remote Code Execution (RCE), Directory Traversal

Vendor Apache

CVE ID Number

CVE-2021-42013

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal

Apache HTTP server vulnerabilities allow an attacker to use a path traversal attack to map URLs to files outside the expected document root and perform RCE.

Product HTTP Server

Type Remote Code Execution (RCE), Directory Traversal

Vendor Apache

CVE ID Number

CVE-2021-42292

7.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Excel Security Feature Bypass

A security feature bypass vulnerability in Microsoft Excel can allow a local user to perform arbitrary code execution.

Product Office

Type Arbitrary Code Execution (ACE) for Bypass

Vendor Microsoft

CVE ID Number

CVE-2021-42321

8.8 CVSS V3 SCORE

High NVD Risk Rating

Vulnerability NAME Microsoft Exchange Server Remote Code Execution

An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Product Exchange

Type Remote Code Execution (RCE)

Vendor Microsoft

CVE ID Number

CVE-2021-44077

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Zoho ManageEngine ServiceDesk Plus Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to an unauthenticated remote code execution.

Product ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus

Type Remote Code Execution (RCE)

Vendor Zoho

CVE ID Number

CVE-2021-44228

10.0 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Apache Log4j2 Remote Code Execution

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Product Log4j2

Type Remote Code Execution (RCE)

Vendor Apache

CVE ID Number

CVE-2021-44515

9.8 CVSS V3 SCORE

Critical NVD Risk Rating

Vulnerability NAME Zoho Corp. Desktop Central Authentication Bypass Vulnerability

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

Product Desktop Central

Type Exec code bypass

Vendor Zoho Corporation
