Infographic: Web Vulnerabilities in Q4 2021
We saw a downward trend in the overall number of web vulnerabilities during the last quarter of 2021. Despite this, the ratio of high-severity vulnerabilities (CVSS score > 7.0) increased threefold during the period.
See how WAPPLES protects against zero-day and known application vulnerabilities.
(Accessibility version below)
Penta Security’s Security Evaluations Team and Cloudbric’s Security Technology Team observed 119 cases of web application vulnerabilities between October and December 2021. A total of 62 cases were observed in October, followed by 38 in November, and 19 in December. Despite a downward trend, the ratio of high-severity vulnerabilities increased threefold during this period.
Below is a breakdown of their CVSS scores:
- The proportion of high-severity vulnerabilities increased from 6.45% in October to 7.89% in November and 21.05% in December.
- The proportion of medium-severity vulnerabilities decreased from 58.06% in October to 47.37% in November and December.
- The proportion of low-severity vulnerabilities fluctuated between 31% and 42%.
Top 5 Web Vulnerabilities Trend:
- Cross-Site Scripting – A type of injection where malicious scripts are injected into benign websites to target their users.
- SQL Injection – An injection of malicious SQL queries via the input data from the client to the web application server.
- Remote Code Execution – An attack that allows the remote execution of commands on the victim’s computer, usually through the installation of malware.
- Others
- File Upload