Infographic: Web Vulnerabilities in Q4 2021

We saw a downward trend in the overall number of web vulnerabilities during the last quarter of 2021. Despite so, the ratio of high-severity vulnerabilities (CVSS score > 7.0) increased threefold during the period.

See how WAPPLES protect against zero-day and known application vulnerabilities.


2021 Q4 EDB Report Infographic


(Accessibility version below)

Penta Security’s Security Evaluations Team and Cloudbric’s Security Technology Team observed 119 cases of web application vulnerabilities between October and December 2021. A total of 62 cases were observed in October, followed by 38 in November, and 19 in December. Despite a downward trend, the ratio of high-severity vulnerabilities increased threefold during this period.

Below is a breakdown of their CVSS scores:

  • The proportion of high-severity vulnerabilities increased from 6.45% in October to 7.89% in November and 21.05% in December.
  • The proportion of medium-severity vulnerabilities decreased from 58.06% in October to 47.37% in November and December.
  • The proportion of low-severity vulnerabilities fluctuated between 31% and 42%.

Top 5 Web Vulnerabilities Trend:

  1. Cross-Site Scripting – A type of injection where malicious scripts are injected into benign websites to target their users.
  2. SQL Injection – An injection of malicious SQL queries via the input data from the client to the web application server.
  3. Remote Code Execution – An attack that allows the remote execution of commands on the victim’s computer, usually through the installation of malware.
  4. Others
  5. File Upload