top of page
  • Writer's pictureORNA

AWARE. PREPARE. RESPOND - Top 20 Vulnerabilities Announced By US Agencies


US authorities, the FBI, CISA, and the NSA have released a 'top 20' of vulnerabilities used by Chinese threat actors since 2020. The vulnerabilities predominantly allowed remote code execution or command injection and affected a number of technologies, including Log4J and vendors such as Microsoft, Atlassian, F-5, and Citrix.

The software listed within the top 20 is commonly used in business environments and provides actors with a wide range of targets to leverage for data theft.

The full list of vulnerabilities is below:

  1. Apache Log4J (CVE-2021-44228)

  2. Pulse Connect Secure (CVE-2019-11510)

  3. GitLab CE/EE (CVE-2021-22205)

  4. Atlassian (CVE-2022-26134)

  5. Microsoft Exchange (CVE-2021-26855)

  6. F5 Big-IP (CVE-2020-5902)

  7. VMware vCenter Server (CVE-2021-22005)

  8. Citrix ADC (CVE-2019-19781)

  9. Cisco Hyperflex (CVE-2021-1497)

  10. Buffalo WSR (CVE-2021-20090)

  11. Atlassian Confluence Server and Data Center (CVE-2021-26084)

  12. Hikvision Webserver (CVE-2021-36260)

  13. Sitecore XP(CVE-2021-42237)

  14. F5 Big-IP (CVE-2022-1388)

  15. Apache (CVE-2022-24112)

  16. ZOHO (CVE-2021-40539)

  17. Microsoft (CVE-2021-26857)

  18. Microsoft (CVE-2021-26858)

  19. Microsoft (CVE-2021-27065)

  20. Apache HTTP Server (CVE-2021-41773)



Minimizing vulnerabilities within your organization reduces the opportunities for attackers to successfully breach your network, and therefore, reduces the risk of compromise and data loss. We recommend that organizations consider the steps below to identify possible threats:

  • Review the CISA briefing and determine if you have any vulnerable technology on your estate.

  • Update and patch software promptly wherever possible to reduce the availability of security weaknesses.

  • Utilize multi-factor authentication wherever available.

  • Block obsolete or unused network protocols at the network perimeter.

  • Collect and monitor logs from perimeter devices.


ORNA provides organizations with a clear, step-by-step guide for how to respond in the event of a cyber attack supported, if needed, by our incident response experts.

In addition, ORNA's Alerts module allows organizations to monitor assets and provides alerts enriched with deep insight including tools, tactics, procedures, and indicators of compromise, allowing you to promptly identify and respond to potential network threats.

If you have any questions, need more information, or require support in implementing these recommendations please contact:

An article by Eleanor Upson

Edited by Anne Caminer




Rome wasn't built in a day, but your SOC might be.


Weekly cyber insights

Thanks for submitting!

bottom of page