Highlights of Patch Watch Issue 14
We have 11 vulnerabilities with known exploits. Here are our findings:
7 CVEs are RCE bugs.
2 CVEs linked to Webapps.
7 CVEs are rated critical and 1 is of medium severity.
245 old vulnerabilities have been fixed, ranging from the year 2015 to 2020.
4 CVEs have known exploits with RCE and webapp.
39 CVEs are rated high and 108 are of high severity.
Notably, 52% of vulnerabilities are older weaknesses, and RCE flaws continue to be the major source of attack vectors that result in increasing cyber incidents and data breaches.
CISA has issued an alert for two vulnerabilities that have a high severity rating. Based on Common Weakness Enumeration (CWE) analysis, CVE-2021-1531 is categorized under CWE-74 (Improper Neutralization of Input During Web Page Generation), and CVE-2020-7774 as CWE-20 (Improper Input Validation), which falls under the Top 3 dangerous Software Weaknesses 2020.
Table: Security Patches
We know that security teams are inundated with more patches than they can handle, but attackers need only one vulnerability to bring down an organization or halt a supply chain.
CSW’s Patch Watch helps organizations and their overworked security teams patch the most critical vulnerabilities and improve their security posture. Get on our mailing list for more information about emerging threats.