fbpx
Techitup Middle East
B2B TechnologyCybersecurity

Qualys: Common Vulnerabilities and Exposures Rise by 30% in 2024 

From January to mid-July, the annual count of reported Common Vulnerabilities and Exposures (CVEs) rose by about 30%, from 17,114 in 2023 to 22,254 in 2024. This trend highlights a growing security challenge and the need for enhanced cybersecurity measures. 

According to new research from the Qualys Threat Research Unit (TRU), between January to mid-July, the Common Vulnerabilities and Exposures count rose by 30% from 17,114 in 2023 to 22,254 in 2024. The increase in Common Vulnerabilities and Exposures reflect rising software complexity and the broader use of technology, necessitating advanced and dynamic vulnerability management strategies to mitigate evolving cybersecurity threats. 

A thorough analysis of the 22,254 reported vulnerabilities during the initial seven and a half months of 2024 (up until the research cut-off date of July 21, 2024) reveals that a precise subset of 0.91% (almost 1%) has been weaponized, and a very small fraction accounts for the most severe threats. This subset represents the highest risk, characterized by weaponized exploits, active exploitation through ransomware, threat actors, malware, or confirmed wild exploitation instances.  

Advertisement

The analysis also indicates an increase in the weaponization of old Common Vulnerabilities and Exposures since the onset of 2024. Over the last 7.5 months, there has been a notable increase, slightly over 10%, in the weaponization of older CVEs identified before 2024, which is a stark reminder that cybersecurity is not just about staying ahead but also about not falling behind. Some of these vulnerabilities have been trending on the dark web for months. An example is Common Vulnerabilities and Exposure-2023-43208 NextGen Mirth Connect Java XStream (Qualys Vulnerability Score 95/100), which heavily involves systems used by healthcare organizations.  

Mid-2024’s Most Wanted: Top 10 Exploited Vulnerabilities 

In 2024, a select group of vulnerabilities have emerged as particularly prevalent targets for cyberattacks. Qualys ranks vulnerabilities based on their prevalence and impact, integrating multiple factors such as CVSS base scores, exploit code maturity, real-time threat indicators, and evidence of active exploitation, among others, for a comprehensive assessment.  

This Top 10 ranking reflects their current significance in the cyber threat landscape. This designation is derived from an analysis incorporating data from over 25 distinct threat intelligence sources utilized by Qualys. 

Critical Contenders: Just Missed the Cut 

While the top 10 list captures the most crucial vulnerabilities of mid-2024, a few just missed the cut but demanded attention due to their high severity and potential impact. These vulnerabilities are critical for organizations to address immediately. 

  • CVE-2023-22527 (Atlassian Confluence): This severe remote code execution vulnerability, with a QVS of 95 and a CVSS score of 9.8, allows attackers to run arbitrary code on affected installations.  
  • CVE-2023-48788 (FortiClient EMS): This SQL injection flaw, which scores a QVS of 95 and a CVSS of 9.8, poses a high risk by allowing attackers to manipulate databases and access sensitive information. 
  • CVE-2024-24919 (Check Point Security Gateways): This information disclosure vulnerability, although it has a slightly lower CVSS score of 8.6, and a QVS of 95, can leak sensitive data. 

All of the above vulnerabilities are listed on the CISA KEV, highlighting their recognized significance, exploitation in the wild, and potential impact. While not included in the top 10, each presents a clear and present danger to network security and requires prompt attention from cybersecurity teams to mitigate risks effectively and protect sensitive systems. 

Related posts

MBZUAI Launches Five New LLMs

Editor

Spot by NetApp Achieves FinOps Foundation Certification 

Editor

Leave a Comment