Key Vulnerabilities
The key vulnerabilities in the 2021 Threat Landscape Retrospective included the most significant and highly targeted vulnerabilities published in 2021 and some that were published in prior years. The analysis of activity revealed a detailed list of key vulnerabilities that affected a wide range of vendors, which led to a surge in ransomware attacks across nearly all sectors. Vulnerabilities were identified in the following vendors' products:
|
Accellion |
Adobe | Apache | Apple | Arm | BQE | Cisco | Confluence |
| F5 | FatPipe |
Fortinet |
GhostScript |
|
Ivanti |
Kaseya |
Microsoft |
| Realtek |
RedHat |
Qualcomm |
Solarwinds |
SonicWall |
Swisslog Healthcare |
Vmware |
Zoho |
| OpenSource: Discourse, DNSMASQ, EXIM, Grub2, LinuxK Kernel, OpenSSL, Sudo, WebSVN | Protocols, Stacks, and Software Development Kits (SDKs): BadAlloc, Domain Name Server Ecosystem, Eltima SDK, INFRA:HALT, NAME:WRECK, NUCLEUS:13, NUMBER:JACK | ||||||
Analysis was performed during the creation of the Key Vulnerabilities (2021 Threat Landscape Retrospective) widget to determine the best way to display the key vulnerabilities from 2021, which included legacy vulnerabilities from prior years. In this case, a Vulnerability Published filter for Jan 1, 2021 to December 31, 2021 would not have included the highly targeted legacy vulnerabilities from the years prior to 2021. A better approach was to use the CVE and Plugin Family filters together, as shown below. These filters grouped the CVEs with their respective operating systems and included the key vulnerabilities from the years prior to 2021.
