Vulnerability Landscape

The top five vulnerabilities of 2022 as described in Tenable's 2022 Threat Landscape Report:

  1. Log4shell, Apache Log4j - CVE-2021-44228

  2. Follina, Microsoft Support Diagnostic Tool - CVE-2022-30190

  3. Atlassian Confluence Server and Data Center - CVE-2022-26134

  4. ProxyShell, Microsoft Exchange Server - CVE-2021-34473

  5. Known Vulnerabilities - CVE-20XX-XXXX

NOTE: Vulnerabilities are identified by their Common Vulnerabilities and Exposures (CVE) identifier. A CVE identifier consists of the letters CVE followed by the year and a sequence number (CVE-YYYY-SSSSSSS). Currently, sequence numbers can be up to 7 digits in length, but are typically shorter. Both Tenable Vulnerability Management and Tenable Security Center provide a method to search for CVE identifiers using the CVE ID filter. Multiple CVE IDs can be entered in a single CVE ID filter by separating them with commas.
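The following added example (not Tenable code) shows one way to turn a pasted advisory list into a clean, comma-separated value for the CVE ID filter described above, rejecting malformed identifiers first. The function names and sample text are constructed for illustration; the 4-digit minimum sequence length and the 1999 starting year come from the CVE Program's ID syntax, and the 7-digit ceiling follows the note above.

```python
import re

# Anything shaped like CVE-<x>-<y>, so malformed candidates can be reported.
CVE_TOKEN = re.compile(r"\bCVE-[0-9A-Za-z]+-[0-9A-Za-z]+\b", re.IGNORECASE)
# Strict form: 4-digit year, then a 4 to 7 digit sequence number.
CVE_VALID = re.compile(r"CVE-(\d{4})-(\d{4,7})")
FIRST_CVE_YEAR = 1999  # assumption: earliest year used in CVE IDs

# Constructed sample input: this page's list plus deliberately bad entries.
SAMPLE = """
1. Log4shell, Apache Log4j - CVE-2021-44228
2. Follina - cve-2022-30190
3. Atlassian Confluence - CVE-2022-26134
4. ProxyShell - CVE-2021-34473 (related: CVE-2021-44228)
5. Known Vulnerabilities - CVE-20XX-XXXX
bad year: CVE-202-12345   short sequence: CVE-2022-123
"""


def extract_cve_ids(text):
    """Return (valid, rejected) IDs: upper-cased, de-duplicated, in input order."""
    valid, rejected, seen = [], [], set()
    for token in CVE_TOKEN.findall(text):
        cve = token.upper()
        if cve in seen:
            continue
        seen.add(cve)
        match = CVE_VALID.fullmatch(cve)
        if match and int(match.group(1)) >= FIRST_CVE_YEAR:
            valid.append(cve)
        else:
            rejected.append(cve)
    return valid, rejected


def build_cve_filter(cve_ids):
    """Join IDs with commas, the separator the CVE ID filter accepts."""
    return ",".join(cve_ids)


if __name__ == "__main__":
    ok, bad = extract_cve_ids(SAMPLE)
    print("Filter value:", build_cve_filter(ok))
    print("Rejected (fix before searching):", bad)
```

Reviewing the rejected list before searching matters because a mistyped ID silently returns no results, which can be mistaken for "not affected".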

Additional filters can be used to narrow or focus vulnerability results. For example, Plugin Family filters can narrow results to specific device families. Tagging can be used to group assets, and tags can then be used as a filter. Date Ranges, State, Vulnerability Priority Rating (VPR), CVSS Base Scores, Exploitability Ease, and even Severity rating can be used to focus, narrow, and refine results. More information on available filters can be found in the Tenable Vulnerability Management Vulnerability Filters and Tenable Security Center Vulnerability Filters documentation.

Specific scan templates, known as Tactical Scan Templates, are pre-configured to scan for specific vulnerabilities, such as Log4Shell, ProxyLogon, and specific vulnerabilities identified by the Threat Landscape Report.

These predefined templates can be found under Vulnerability Management > Scans > Select a Scan Template in Tenable Vulnerability Management, or Scans > Policies > Add a Policy in Tenable Security Center.