Top 12 Routinely Exploited Vulnerabilities:

• CVE-2018-13379. This vulnerability, affecting Fortinet SSL VPNs, was also routinely exploited in 2020 and 2021. The continued exploitation indicates that many organizations failed to patch software in a timely manner and remain vulnerable to malicious cyber actors.

• CVE-2021-34473, CVE-2021-31207, CVE-2021-34523. These vulnerabilities, known as ProxyShell, affect Microsoft Exchange email servers. In combination, successful exploitation enables a remote actor to execute arbitrary code. These vulnerabilities reside within the Microsoft Client Access Service (CAS), which typically runs on port 443 in Microsoft Internet Information Services (IIS), Microsoft's web server. CAS is commonly exposed to the internet to enable users to access their email via mobile devices and web browsers.

• CVE-2021-40539. This vulnerability enables unauthenticated remote code execution (RCE) in Zoho ManageEngine ADSelfService Plus and was linked to the usage of an outdated third-party dependency. Initial exploitation of this vulnerability began in late 2021 and continued throughout 2022.

• CVE-2021-26084. This vulnerability, affecting Atlassian Confluence Server and Data Center (a web-based collaboration tool used by governments and private companies), could enable an unauthenticated cyber actor to execute arbitrary code on vulnerable systems. This vulnerability quickly became one of the most routinely exploited vulnerabilities after a PoC was released within a week of its disclosure. Attempted mass exploitation of this vulnerability was observed in September 2021.

• CVE-2021-44228. This vulnerability, known as Log4Shell, affects Apache's Log4j library, an open-source logging framework incorporated into thousands of products worldwide. An actor can exploit this vulnerability by submitting a specially crafted request to a vulnerable system, causing the execution of arbitrary code. The request allows a cyber actor to take full control of a system. The actor can then steal information, launch ransomware, or conduct other malicious activity.[1] Malicious cyber actors began exploiting the vulnerability after it was publicly disclosed in December 2021, and continued to show high interest in CVE-2021-44228 through the first half of 2022.

• CVE-2022-22954, CVE-2022-22960. These vulnerabilities allow RCE, privilege escalation, and authentication bypass in VMware Workspace ONE Access, Identity Manager, and other VMware products. A malicious cyber actor with network access could trigger a server-side template injection that may result in remote code execution. Exploitation of CVE-2022-22954 and CVE-2022-22960 began in early 2022 and attempts continued throughout the remainder of the year.

• CVE-2022-1388. This vulnerability allows unauthenticated malicious cyber actors to bypass iControl REST authentication on F5 BIG-IP application delivery and security software.

• CVE-2022-30190. This vulnerability impacts the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated cyber actor could exploit this vulnerability to take control of an affected system.

• CVE-2022-26134. This critical RCE vulnerability affects Atlassian Confluence Server and Data Center. The vulnerability, which was likely initially exploited as a zero-day before public disclosure in June 2022, is related to an older Confluence vulnerability (CVE-2021-26084), which cyber actors also exploited in 2022.
Table 1: Top 12 Routinely Exploited Vulnerabilities in 2022

CVE | Vendor | Product | Type | CWE
CVE-2018-13379 | Fortinet | FortiOS and FortiProxy SSL VPN | Credential exposure | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE | CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Security Feature Bypass | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Elevation of Privilege | CWE-287: Improper Authentication
CVE-2021-40539 | Zoho | ManageEngine ADSelfService Plus | RCE / Authentication Bypass | CWE-287: Improper Authentication
CVE-2021-26084 | Atlassian | Confluence Server and Data Center | Arbitrary code execution | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE | CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'); CWE-20: Improper Input Validation; CWE-400: Uncontrolled Resource Consumption; CWE-502: Deserialization of Untrusted Data
CVE-2022-22954 | VMware | Workspace ONE Access and Identity Manager | RCE | CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-22960 | VMware | Workspace ONE Access, Identity Manager, and vRealize Automation | Improper Privilege Management | CWE-269: Improper Privilege Management
CVE-2022-1388 | F5 Networks | BIG-IP | Missing Authentication Vulnerability | CWE-306: Missing Authentication for Critical Function
CVE-2022-30190 | Microsoft | Multiple Products | RCE | None Listed
CVE-2022-26134 | Atlassian | Confluence Server and Data Center | RCE | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Table 2: 30 Additional Routinely Exploited Vulnerabilities in 2022

CVE | Vendor | Product | Type | CWE
CVE-2017-0199 | Microsoft | Multiple Products | Arbitrary Code Execution | None Listed
CVE-2017-11882 | Microsoft | Exchange Server | Arbitrary Code Execution | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-11510 | Ivanti | Pulse Secure Pulse Connect Secure | Arbitrary File Reading | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-0708 | Microsoft | Remote Desktop Services | RCE | CWE-416: Use After Free
CVE-2019-19781 | Citrix | Application Delivery Controller and Gateway | Arbitrary Code Execution | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5902 | F5 Networks | BIG-IP | RCE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-1472 | Microsoft | Multiple Products | Privilege Escalation | CWE-330: Use of Insufficiently Random Values
CVE-2020-14882 | Oracle | WebLogic Server | RCE | None Listed
CVE-2020-14883 | Oracle | WebLogic Server | RCE | None Listed
CVE-2021-20016 | SonicWALL | SSLVPN SMA100 | SQL Injection | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-26855 (ProxyLogon) | Microsoft | Exchange Server | RCE | CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-27065 (ProxyLogon) | Microsoft | Exchange Server | RCE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-26858 (ProxyLogon) | Microsoft | Exchange Server | RCE | None Listed
CVE-2021-26857 (ProxyLogon) | Microsoft | Exchange Server | RCE | CWE-502: Deserialization of Untrusted Data
CVE-2021-20021 | SonicWALL | Email Security | Privilege Escalation Exploit Chain | CWE-269: Improper Privilege Management
CVE-2021-40438 | Apache | HTTP Server | Server-Side Request Forgery | CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-41773 | Apache | HTTP Server | Server Path Traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-42013 | Apache | HTTP Server | Server Path Traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20038 | SonicWall | SMA 100 Series Appliances | Stack-based Buffer Overflow | CWE-787: Out-of-bounds Write; CWE-121: Stack-based Buffer Overflow
CVE-2021-45046 | Apache | Log4j | RCE | CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2022-42475 | Fortinet | FortiOS | Heap-based Buffer Overflow | CWE-787: Out-of-bounds Write
CVE-2022-24682 | Zimbra | Collaboration Suite | Cross-site Scripting | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22536 | SAP | Internet Communication Manager (ICM) | HTTP Request Smuggling | CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2022-22963 | VMware Tanzu | Spring Cloud | RCE | CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2022-29464 | WSO2 | Multiple Products | RCE | CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-27924 | Zimbra | Zimbra Collaboration Suite | Command Injection | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-22047 | Microsoft | Windows CSRSS | Elevation of Privilege | CWE-269: Improper Privilege Management
CVE-2022-27593 | QNAP | QNAP NAS | Externally Controlled Reference | CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-41082 | Microsoft | Exchange Server | Privilege Escalation | None Listed
CVE-2022-40684 | Fortinet | FortiOS, FortiProxy, FortiSwitchManager | Authentication Bypass | CWE-306: Missing Authentication for Critical Function