2022 Top Routinely Exploited Vulnerabilities

Hello, fellow tech enthusiasts and cybersecurity-conscious readers! In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is essential. Every year, new vulnerabilities are discovered, and cybercriminals work tirelessly to exploit them. In 2022, some vulnerabilities took center stage as they were routinely targeted by malicious actors. As we embark on a journey into the fascinating world of cybersecurity, we’ll explore the top routinely exploited vulnerabilities that dominated headlines in 2022. So, grab your favorite beverage, get comfy, and let’s dive into the captivating world of cybersecurity!

1. Log4Shell (CVE-2021-44228)

Kicking off our list is the notorious Log4Shell vulnerability. While it first came to light at the end of 2021, its impact rippled into 2022. It affects Apache’s Log4j library, an open-source logging framework incorporated into thousands of products worldwide. An actor can exploit this vulnerability by submitting a specially crafted request to a vulnerable system, causing the execution of arbitrary code. This request will allow the attackers to gain control over applications. Thanks to the cybersecurity community’s swift response, patches were released, but it serves as a reminder of the importance of regular updates and monitoring. 

2. CVE- 2018-13379 

This vulnerability, affecting Fortinet SSL VPNs, was also routinely exploited in 2022 and 2021. The continued exploitation indicates that many organizations failed to patch software in a timely manner and remain vulnerable to malicious cyber actors.

3. ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)

These vulnerabilities known as ProxyShell, affect Microsoft Exchange email servers. ProxyShell was another major vulnerability that made headlines in 2022. It consisted of three separate vulnerabilities in Microsoft Exchange Server, enabling attackers to gain unauthorized access to email servers. Regularly applying security updates from Microsoft is essential to protect your organization from ProxyShell attacks.

4. CVE-2021-40539

This vulnerability enables unauthenticated remote code execution (RCE) in Zoho ManageEngine ADSelfService Plus and was linked to the usage of an outdated third-party dependency. Initial exploitation of this vulnerability began in late 2021 and continued throughout 2022.

5. CVE-2021-26084

It is an object-graph navigation language (OGNL) injection vulnerability that could allow an unauthenticated threat actor to execute arbitrary code on a Confluence Server or Data Center instance.

6. CVE-2022-22954, CVE-2022-22960

These vulnerabilities are RCE, privilege escalation, and authentication bypass vulnerabilities in VMware Workspace ONE Access, Identity Manager, and other VMware products. A malicious cyber actor with network access could trigger a server-side template injection that may result in remote code execution. Exploitation of CVE-2022-22954 and CVE-2022-22960 began in early 2022 and attempts continued throughout the remainder of the year.

7. CVE-2022-1388

This is a vulnerability in F5 BIG-IP that could allow unauthenticated threat actors to execute arbitrary system commands, create or delete files, or disable services.

8. CVE-2022-30190

This is a remote code execution vulnerability affecting Microsoft Windows Support Diagnostic Tool (MSDT) that could allow a remote, unauthenticated threat actor to take control of the system.

9. CVE-2022-26134

This is a remote code execution vulnerability in Atlassian Confluence Data Center and Server. The vulnerability, which was likely initially exploited as a zero-day before public disclosure in June 2022, is related to an older Confluence vulnerability (CVE-2021-26084), which cyber actors also exploited in 2022.

Additional “popular” vulnerabilities

Among the other often exploited vulnerabilities listed, there are bugs in solutions by Citrix (CVE-2019-19781), Microsoft (CVE-2017-0199), CVE-2017-11882, CVE-2020-1472, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, CVE-2021-26857, CVE-2022-41082, Ivanti (CVE-2019-11510), SonicWALL (CVE-2021-20021, CVE-2021-20038), Fortinet (CVE-2022-42475, CVE-2022-40684), QNAP (CVE-2022-27593), and other software manufacturers.

Some of the vulnerabilities in these lists date back to 2017 and 2018 and are still being widely exploited.

Staying informed about the top routinely exploited vulnerabilities is a fundamental aspect of cybersecurity. By understanding these threats and taking proactive measures, you can protect your systems and data from malicious actors. 


  • Keep all software and libraries up to date.
  • Turn on Multi Factor Authentication or Two Factor Authentication.
  • Regularly monitor your systems for suspicious activity.
  • Develop an incident response plan to mitigate potential threats.
  • Use strong passwords and VPN
  • Invest in cybersecurity software
  • Think before you click on links that look a little off.
  • Be aware of common attack methods.

Cybersecurity is an ongoing process, and by staying vigilant and informed, you can reduce the risk of falling victim to the latest vulnerabilities and attacks in 2022 and beyond. Let’s take this knowledge and use it to build a safer digital world for all of us. Cheers to a more secure and resilient cyber landscape in 2023 and beyond! Stay secure, stay informed!


2022 Top Routinely Exploited Vulnerabilities | CISA

CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022  | CISA

AA23-215A: 2022’s Top Routinely Exploited Vulnerabilities – Blog | Tenable®

How to Protect Yourself from Software Vulnerabilities – Blog | Tenable®

Paul Bergman runs a business strategy and cybersecurity consulting company in San Diego. He writes on cybersecurity and board management for both corporate and nonprofit boards.

Paul Bergman
Follow me