
Software Vulnerability Ratings Report 2024

The Software Vulnerability Ratings Report 2024 equips CISOs and CIOs with strategic insights into their software ecosystems, evaluating software applications based on their security track record for more informed procurement decision-making.

The report introduces the Exploitation Rate, a metric developed by the Action1 research team: the ratio of exploited vulnerabilities to the total number of vulnerabilities. It indicates the software’s susceptibility to exploitation and highlights the diligence of developers in preventing vulnerabilities rather than merely addressing them after they have been exploited by hackers.

Key Insights:

  • Record exploitation rates for NGINX (100%) and Citrix (57%), indicating attackers increasingly target load balancers.
  • Heightened exploitation rates for macOS and iOS, with macOS seeing an increase of over 30% in exploited vulnerabilities, emphasizing the targeted nature of attacks on iOS devices.
  • MSSQL Server experienced a staggering 1600% surge in critical vulnerabilities, all of them RCEs, indicating a rising risk of new exploits.
  • MS Office saw its exploitation rate rise by 5% in 2023, highlighting attackers’ preference for exploiting user-facing software prone to human error.
  • Edge browser witnessed a record number of RCE vulnerabilities, spiking at 17% in 2023, with a 7% exploitation rate, raising concerns about Edge security.

Download Software Vulnerability Ratings Report 2024

Download the report to discover the most exploited applications and gain essential knowledge to prioritize your efforts in vulnerability monitoring based on vulnerability trends.