This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

2022 Flexera Annual Vulnerability Review Report

jbraak
By Level 4 Flexeran
Level 4 Flexeran

 

2022 was a busy year for cybersecurity. A record-breaking number of security advisories were published, and many significant vulnerabilities were the cause of data breaches, ransomware attacks and other types of threats.

Top 3 most critical vulnerabilities:

  1. Log4Shell/Log4j (CVE-2021-44228), even with its disclosure in December 2021 , many organizations are still struggling to identify and patch the vulnerability.
  2. Spring4Shell (CVE-2022-22965), still many systems remain unpatched despite the risk.
  3. ProxyNotShell (CVE-2022-41040 and CVE-2022-41082) in Exchange.

DOWNLOAD THE REPORT HERE

Interesting facts and trends:

  • 2022 is the year with the most recorded Secunia Advisories since 2002
  • Average Threat Score of 2022:  13.66 (click here to learn how we calculate this)
  • Average CVSS3 Score of 2022:     7.35
  • Less Extreme Critical Advisories have been reported in 2022 : 44  (2021: 60)
  • 85 Advisories reported a zero-day vulnerability. (2021: 81)
  • More than 50% of all Advisories are for Vulnerabilities in  Unix/Linux operating systems.  
  • More than 50% of all rejected Advisories are also for Unix/Linux operating systems.
  • Almost 79% of all Networking related Advisories are for Cisco, NetApp and Juniper.
  • About Microsoft:
    • 4% of all Advisories were for Microsoft which placed them on 8th place of Vendor ranking.
    • More than 56% of all Zero-Days were related to Microsoft Products (first place).
  • None of the top 4 vendors with most Advisories ( SUSE, IBM, Red Hat, Ubuntu) had any Zero-Day reported in 2022.
  • Log4j:
    • 131 Advisories were related to Log4j,
    • last Advisory was released in November (11 months later) for IBM Security QRadar SIEM 7.x
      62 Log4j related Advisories were linked to IBM Products
      33 of them were rejected Advisories with various reasons including “ the respective product does not have the vulnerable log4j component...”
  • Less than 11% of all Advisories had a High to Critical Threat Score which means that there was evidence of exploitation.
    • Using Threat Intelligence is going to help you with prioritizing what needs to be patched immediately.svm-number-of-advisories-with-threat-associated.png
‎May 08, 2023 02:31 AM
0 Kudos