Key Vulnerabilities
The key vulnerabilities in the Tenable 2022 Threat Landscape Report included the most significant and highly targeted vulnerabilities published in 2022 and some that were published in prior years. The analysis of activity revealed a detailed list of key vulnerabilities that affected a wide range of vendors, which led to a surge in ransomware attacks across nearly all sectors. Vulnerabilities were identified in the following vendor products:
Adobe |
Amazon Web Services | Apache | Apple | Arm | Atlassian | Cisco | Citrix |
F5 | Fortinet |
|
GhostScript |
|
Magnitude Simba |
Microsoft |
Mitel |
Mozilla |
Nooie |
Okta |
Open Source |
Oracle |
Palo Alto Networks |
Polkit |
PTC |
Pulse Secure | RARLAB | SAP | Solarwinds | SonicWall | Sophos | Trend Micro | VMWare |
WordPress Plugin | Zimbra | Zoho | Zoom |
Within the 2022 TLR, data is presented across several pie charts by vendor and software/hardware type. The same grouping is leveraged to facilitate a simple correlation between the TLR and Tenable vulnerability data in tenable.io and tenable.sc. CVE can be viewed and grouped together into categories that make sense to organizations, for example, group all Microsoft CVEs together. Choose Select Filters, then type CVE in the window, and check the CVE box to conduct a Findings search using grouped CVE. Then enter the CVE in the search box.
Clicking on the Advanced link enables users to write out a filter manually. In the example provided below, several CVEs from the 2022 TLR are used in conjunction with a State and Last Seen filter to reduce the results to a very specific range.
The widget 2022 TLR Key Vulnerabilities displays cells for the most significant vulnerabilities of 2022 using CVE filters from the 2022 Threat Landscape Report. These filters display the key vulnerabilities from 2022 as well as the notable known vulnerabilities from prior years.