Cybersecurity Authorities List Top 15 Flaws Exploited In 2021

The cybersecurity authorities of the U.S., Australia, Canada, New Zealand and the U.K. have published a list of the 15 biggest vulnerabilities exploited in 2021.

The list includes Log4Shell (CVE-2021-44228), REST API authentication bypass (CVE-2021-40539), ProxyShell (CVE-2021-34523), ProxyShell (CVE-2021-34473), ProxyShell (CVE-2021-31207), ProxyLogon (CVE-2021-27065), ProxyLogon (CVE-2021-26858), ProxyLogon (CVE-2021-26857), ProxyLogon (CVE-2021-26855).

Other flaws include CVE-2021-26084, CVE-2021-21972, CVE-2020-1472, CVE-2020-0688, CVE-2019-11510 and CVE-2018-13379.

The joint advisory also identified 21 additional vulnerabilities commonly exploited by malicious cyber actors in 2021, including those affecting Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure.

The 10 most frequently exploited vulnerabilities between 2016 and 2019 were also published by CISA and the FBI.

“CISA and our partners are releasing this advisory to highlight the risk that the most commonly exploited vulnerabilities pose to both public and private sector networks. We urge all organizations to assess their vulnerability management practices and take action to mitigate risk to the known exploited vulnerabilities,” said CISA Director Jen Easterly.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web