Remote execution holes in Log4j, Exchange and Confluence lead Five Eyes 2021 exploited CVE list

Written by , APAC Editor Chris Duckett APAC Editor

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Full Bio Image: Shutterstock

During 2021, the top 15 vulnerabilities that were exploited — as observed by the US Cybersecurity and Infrastructure Security Agency, US NSA, US FBI, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre, and the United Kingdom’s National Cyber Security Centre — led to remote code execution (RCE) across a range of products, and left IT administrators with a short window to keep their house in order.

“For most of the top exploited vulnerabilities, researchers or other actors released proof of concept code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors,” the agencies said in an alert.

Topping the list was the RCE hole in Java logging library

Read More: