Arctic Wolf Presents
The Most Exploited Vulnerabilities of 2022
According to the 1National Vulnerability Database (NVD), there were more than 25,200 vulnerabilities published in 2022. Join us as we explore the 34 most high-profile vulnerabilities – and what makes them so dangerous.
2022 was another record-breaking year for vulnerabilities.
If tools alone were enough to solve the problem, they would have by now. Unfortunately, most organizations aren’t properly staffed or trained to make use of the tools they already have, which means vulnerabilities can end up going ignored. It doesn’t have to be this way.
Learn how the Arctic Wolf® Security Operations Cloud and 24×7 Concierge Security® solutions ensure you’re always ready to fight back against cyberattacks.
Filters
Filters
Clear filters
CVE ID Number
CVE-2021-1647
CVE Patch
7.8 CVSS V3 SCORE
CRITICAL NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:1/12/2021
- Last Modified:1/14/2021
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME Microsoft Defender RCE
An authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.
Product Microsoft Defender
Type Remote Code Execution (RCE)
View Available Blog Posts
- CVE-2022-3602 and CVE-2022-3786 – OpenSSL 3.0.X Critical Vulnerabilities
- New Microsoft Exchange Exploit Chain via “OWASSRF” Leads to RCE
- CVE-2022-3602 and CVE-2022-3786 – OpenSSL 3.0.X Critical Vulnerabilities
- New Microsoft Exchange Exploit Chain via “OWASSRF” Leads to RCE
- CVE-2022-3602 and CVE-2022-3786 – OpenSSL 3.0.X Critical Vulnerabilities
- New Microsoft Exchange Exploit Chain via “OWASSRF” Leads to RCE
Vendor Microsoft
Clear filters
Wondering why the "Top Ten" displays 12 vulnerability results?
Arctic Wolf discussed this in-depth during our April 27th webinar titled "Left of Boom: The Vulnerability Tsunami".
Watch the Webinar to learn more about the top vulnerabilities and how they can impact your organization.
Watch the Webinar to learn more about the top vulnerabilities and how they can impact your organization.
Vulnerability Name
CVE-2022-21907
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:1/11/22
- Last Modified:8/26/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-21907
HTTP protocol stack remote code execution vulnerability.
Product HTTP protocol stack- Windows Internet Information Services (IIS) component
Type Remote Code Execution
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2021-44228 - Log4Shell
CVE Patch
10 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:12/10/21
- Last Modified:8/17/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2021-44228 - Log4Shell
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Product Log4J
Type Remote Code Execution
View Available Blog Posts
Vendor Apache
Vulnerability Name
CVE-2021-20038
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:12/8/21
- Last Modified:5/13/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache https server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
Product SMA100 Series
Type Remote Code Execution
View Available Blog Posts
Vendor SonicWall
Vulnerability Name
CVE-2021-4034
CVE Patch
7.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:1/28/22
- Last Modified:10/25/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2021-4034
A local privilege escalation vulnerability was found on Polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Product Polkit pkexec
Type Privilege Escalation
View Available Blog Posts
Vendor Red Hat
Vulnerability Name
CVE-2022-22536 - ICMAD (Internet Communication Manager Advanced Desync)
CVE Patch
10 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:2/9/22
- Last Modified:10/26/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-22536 - ICMAD (Internet Communication Manager Advanced Desync)
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Product NetWeaver, Content Server, and Web Dispatcher
Type Remote Code Execution
Vendor SAP
Vulnerability Name
CVE-2022-0847 - Dirty Pipe
CVE Patch
7.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:3/10/22
- Last Modified:8/10/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-0847 - Dirty Pipe
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.
Product Kernel
Type Privilege Escalation
View Available Blog Posts
Vendor Linux
Vulnerability Name
CVE-2022-1040
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:3/25/22
- Last Modified:10/27/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Product Firewall
Type Authentication Bypass, Remote Code Execution
View Available Blog Posts
Vendor Sophos
Vulnerability Name
CVE-2022-22965 - Spring4Shell
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/1/22
- Last Modified:7/25/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-22965 - Spring4Shell
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Product Spring Framework
Type Remote Code Execution
View Available Blog Posts
Vendor VMware
Vulnerability Name
CVE-2022-22963
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/1/22
- Last Modified:7/28/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Product Spring Cloud Function
Type Remote Code Execution
View Available Blog Posts
Vendor VMware
Vulnerability Name
CVE-2022-22954
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/11/22
- Last Modified:9/9/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Product Workspace ONE Access, Identity Manager, vRealize Automation, and vRealize Suite Lifecycle Manager
Type Remote Code Execution
View Available Blog Posts
Vendor VMware
Vulnerability Name
CVE-2022-22960
CVE Patch
7.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/13/22
- Last Modified:4/21/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-22960
VMware Workspace ONE Access, Identity Manager, and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to the 'root.'
Product Workspace ONE Access, Identity Manager, vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager
Type Privilege Escalation
View Available Blog Posts
Vendor VMware
Vulnerability Name
CVE-2022-26809
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/15/22
- Last Modified:4/19/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-26809
Remote Procedure Call Runtime remote code execution vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528.
Product Remote Procedure Call (RPC) Runtime
Type Remote Code Execution
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2022-1388
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:5/5/22
- Last Modified:9/29/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.
Product BIG-IP
Type Authentication Bypass
View Available Blog Posts
Vendor F5
Vulnerability Name
CVE-2022-26923
CVE Patch
8.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:5/10/22
- Last Modified:5/18/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-26923
Active Directory Domain Services elevation of privilege vulnerability.
Product Active Directory Domain Services
Type Privilege Escalation
Vendor Microsoft
Vulnerability Name
CVE-2022-30525
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:5/12/22
- Last Modified:10/19/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-30525
A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Product CGI Program of Some Firewalls
Type Command Injection
View Available Blog Posts
Vendor Zyxel
Vulnerability Name
CVE-2022-22972
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:5/20/22
- Last Modified:5/27/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Product Workspace ONE Access, Identity Manager, vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager
Type Authentication Bypass
View Available Blog Posts
Vendor VMware
Vulnerability Name
CVE-2022-26134
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:6/3/22
- Last Modified:6/30/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Product Confluence Server and Data Center
Type Remote Code Execution
View Available Blog Posts
Vendor Atlassian
Vulnerability Name
CVE-2022-30190
CVE Patch
7.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:6/1/22
- Last Modified:6/7/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability.
Product Windows Support Diagnostic Tool (MSDT)
Type Remote Code Execution
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2022-28219 - Zoho ManageEngine
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/5/22
- Last Modified:10/25/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-28219 - Zoho ManageEngine
ManageEngine ADAudit Plus had some vulnerable API endpoints that allowed an unauthenticated attacker to exploit XML External Entities (XXE), Java deserialization and path traversal vulnerabilities. The chain could be leveraged to perform unauthenticated remote code execution. This issue has been fixed.
Product ManageEngine ADAudit Plus
Type Remote Code Execution
View Available Blog Posts
Vendor Zoho
Vulnerability Name
CVE-2022-31656
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:8/5/22
- Last Modified:8/11/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Product Workspace ONE Access, Identity Manager, vRealize Automation, VMware Cloud Foundation, Access Connector, vIDM Connector, and vRealize Suite Lifecycle Manager
Type Authentication Bypass
View Available Blog Posts
Vendor VMware
Vulnerability Name
CVE-2022-41040
CVE Patch
8.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:10/2/22
- Last Modified:11/7/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-41040
Microsoft Exchange Server elevation of privilege vulnerability.
Product Exchange Server
Type Privilege Escalation
View Available Blog Posts
- Microsoft Exchange On-Prem Zero-Day Vulnerabilities Exploited in the Wild
- Updated Guidance for Microsoft Exchange Zero-Day Vulnerabilities Exploited in the Wild
- Additional Updated Guidance for Microsoft Exchange Zero-Day Vulnerabilities Exploited in the Wild
- CVE-2022-41040 & CVE-2022-41082: Additional Improvements Made to Remediate Microsoft Exchange Zero-Day Vulnerabilities
- Six Actively Exploited Vulnerabilities Patched in Microsoft’s November Security Update
Vendor Microsoft
Vulnerability Name
CVE-2022-41082
CVE Patch
8.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:10/2/22
- Last Modified:11/7/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-41082
Microsoft Exchange Server remote code execution vulnerability.
Product Exchange Server
Type Remote Code Execution
View Available Blog Posts
- Microsoft Exchange On-Prem Zero-Day Vulnerabilities Exploited in the Wild
- Updated Guidance for Microsoft Exchange Zero-Day Vulnerabilities Exploited in the Wild
- Additional Updated Guidance for Microsoft Exchange Zero-Day Vulnerabilities Exploited in the Wild
- CVE-2022-41040 & CVE-2022-41082: Additional Improvements Made to Remediate Microsoft Exchange Zero-Day Vulnerabilities
- Six Actively Exploited Vulnerabilities Patched in Microsoft’s November Security Update
- New Microsoft Exchange Exploit Chain via “OWASSRF” Leads to RCE
Vendor Microsoft
Vulnerability Name
CVE-2022-3236
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:9/23/22
- Last Modified:9/28/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
Product Firewall
Type Remote Code Execution, Code Injection
Vulnerability Name
CVE-2022-40684
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:10/18/22
- Last Modified:10/20/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Product FortiOS, FortiProxy, FortiSwitchManager
Type Authentication Bypass
Vulnerability Name
CVE-2022-3602
CVE Patch
7.5 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:11/1/22
- Last Modified:11/4/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution.
Product OpenSSL
Type Remote Code Execution, Denial of Service (DoS)
View Available Blog Posts
Vendor OpenSSL
Vulnerability Name
CVE-2022-41128
CVE Patch
8.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:11/9/22
- Last Modified:11/10/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-41128
Windows Scripting Languages remote code execution vulnerability. This CVE ID is unique from CVE-2022-41118.
Product Windows Scripting Language
Type Remote Code Execution
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2022-41073
CVE Patch
7.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:11/9/22
- Last Modified:11/9/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-41073
Windows Print Spooler elevation of privilege vulnerability.
Product Windows Print Spooler
Type Privilege Escalation
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2022-41125
CVE Patch
7.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:11/9/22
- Last Modified:11/10/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-41125
Windows CNG Key Isolation Service elevation of privilege vulnerability.
Product Windows CNG Key Isolation Service
Type Privilege Escalation
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2022-41091
CVE Patch
5.4 CVSS V3 SCORE
medium NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:11/9/22
- Last Modified:11/9/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-41091
Windows Mark of the Web security feature bypass vulnerability. This CVE ID is unique from CVE-2022-41049.
Product Mark of the Web Security Feature
Type Security Feature Bypass
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2022-27925
CVE Patch
7.2 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/20/22
- Last Modified:10/28/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Product Zimbra Collaboration Suite
Type Remote Code Execution
View Available Blog Posts
Vendor Zimbra
Vulnerability Name
CVE-2022-27518
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:12/13/22
- Last Modified:12/14/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-27518
Unauthenticated remote arbitrary code execution.
Product Gateway and ADC
Type Remote Code Execution
Vendor Citrix
Vulnerability Name
CVE-2022-41080 - OWASSRF
CVE Patch
8.8 CVSS V3 SCORE
high NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:11/9/22
- Last Modified:11/10/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-41080 - OWASSRF
Microsoft Exchange Server elevation of privilege vulnerability.
Product Exchange Server
Type Privilege Escalation
View Available Blog Posts
Vendor Microsoft
Vulnerability Name
CVE-2022-29499
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/25/22
- Last Modified:5/5/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-29499
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
Product MiVoice Connect
Type Remote Code Execution
View Available Blog Posts
Vendor Mitel
Vulnerability Name
CVE-2022-29464
CVE Patch
9.8 CVSS V3 SCORE
critical NVD Risk Rating
x
- Helpful Resources
- Helpful Resources
- Published Date:4/18/22
- Last Modified:9/9/22
- View CVE Patch
- View Most Recent Blog Post
Vulnerability NAME CVE-2022-29464
Unrestricted arbitrary file upload, and remote code to execution vulnerability.
Product API Manager, Identity Server, Identity Server Analytics, Identity Server as Key Manager, Enterprise Integrator, Open Banking AM, Open Banking KM
Type Remote Code Execution
View Available Blog Posts
Vendor WSO2
AVAILABLE FOR DOWNLOAD
What 2022 Showed us When it Comes to Vulnerabilities
While ransomware may make headlines, it’s the more technical, and less covered vulnerabilities that cause the majority of cybercrime.
The sheer volume of vulnerabilities exploded in 2022, with over 25,000 recorded, and CISA shows over 800 have been actively exploited, though that number may be higher.
