2022 was a busy year for cybersecurity. A record-breaking number of security advisories were published, and many significant vulnerabilities were the cause of data breaches, ransomware attacks and other types of threats.
Top 3 most critical vulnerabilities:
- Log4Shell/Log4j (CVE-2021-44228), even with its disclosure in December 2021 , many organizations are still struggling to identify and patch the vulnerability.
- Spring4Shell (CVE-2022-22965), still many systems remain unpatched despite the risk.
- ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) in Exchange.
DOWNLOAD THE REPORT HERE
Interesting facts and trends:
- 2022 is the year with the most recorded Secunia Advisories since 2002
- Average Threat Score of 2022: 13.66 (click here to learn how we calculate this)
- Average CVSS3 Score of 2022: 7.35
- Less Extreme Critical Advisories have been reported in 2022 : 44 (2021: 60)
- 85 Advisories reported a zero-day vulnerability. (2021: 81)
- More than 50% of all Advisories are for Vulnerabilities in Unix/Linux operating systems.
- More than 50% of all rejected Advisories are also for Unix/Linux operating systems.
- Almost 79% of all Networking related Advisories are for Cisco, NetApp and Juniper.
- About Microsoft:
- 4% of all Advisories were for Microsoft which placed them on 8th place of Vendor ranking.
- More than 56% of all Zero-Days were related to Microsoft Products (first place).
- None of the top 4 vendors with most Advisories ( SUSE, IBM, Red Hat, Ubuntu) had any Zero-Day reported in 2022.
- 131 Advisories were related to Log4j,
- last Advisory was released in November (11 months later) for IBM Security QRadar SIEM 7.x
62 Log4j related Advisories were linked to IBM Products
33 of them were rejected Advisories with various reasons including “ the respective product does not have the vulnerable log4j component...”
- Less than 11% of all Advisories had a High to Critical Threat Score which means that there was evidence of exploitation.
- Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.