Over 34% of vulnerabilities reported in first half of 2019 lack patches
- Out of the 11,092 reported vulnerabilities, 14.7% (1630) of them are critical ones with CVSSv2 scores over 9.0.
- Five top vendors accounted for nearly 24% of the vulnerabilities reported in the first half of 2019.
What is the problem?
According to Risk Based Security’s ‘The 2019 Mid-Year Vulnerability Report’, over 34% (3771) of all the vulnerabilities reported in the first half of 2019 do not have a documented solution. This can be due to the lack of a patch release by the vendor or the lack of information regarding the flaw.
Risk Based Security’s vulnerability report highlighted that 11,092 vulnerabilities have been aggregated in the first half of 2019.
- Out of the 11,092 vulnerabilities reported in the first half of 2019, 54.5% (6045) of them were Web-related vulnerabilities.
- Nearly 53% (5878) of the vulnerabilities can be exploited remotely.
- 66% of reported vulnerabilities accounted for SQL injection attacks.
- Over 34% (3771) of the reported vulnerabilities do not have a documented solution, making these vulnerabilities difficult to remediate.
- Around 2.8% of vulnerabilities were classified as SCADA vulnerabilities.
- Out of the 11,092 vulnerabilities, 14.7% (1630) of them are critical ones with CVSSv2 scores over 9.0.
- 34% of the vulnerabilities reported in the first half of 2019 still remain unpatched.
The bottom line
Organizations need to protect all assets in their network as threat actors can exploit non-critical devices to infiltrate their internal network. As attackers continue to exploit the ever-expanding attack surface with new tactics, techniques, and procedures, it is essential for organizations to establish a strong defense against all the known vulnerabilities.