Vulnerabilities disclosed during the first three months of 2019 reach a Q1 all-time high
May 16, 2019 • RBS
RICHMOND, VA, May 16, 2019 — Risk Based Security today released the Q1 2019 Vulnerability QuickView Report.
There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high.
Vulnerabilities with CVSSv2 scores of 9.0+, deemed critical issues, accounted for 14.0% of all vulnerabilities published in Q1 2019.
Risk Based Security’s VulnDB published 2,539 (85%) more vulnerabilities than CVE/NVD in the first quarter. 45.8% of the vulnerabilities not published by NVD/CVE have a CVSS score of either 7.0 – 8.99 (high) or 9.0 – 10.0 (critical).
“This continues to illustrate the need for a comprehensive vulnerability intelligence feed and a mature process that can quickly determine the true risk and lead the organization to address issues in a risk-based methodology,” commented Brian Martin, VP of Vulnerability Intelligence at Risk Based Security.
Just over half of all reported vulnerabilities in Q1 2019 have a remote attack vector, followed by almost a third that have a user-assisted or context-dependent attack vector. Unlike previous quarters, over 13% of the reported vulnerabilities require local access to a system or device. While many are quick to dismiss local attacks as less risky, the increasing use of virtual technology and mobile devices may give an attacker a foothold on a device, making local privilege escalation attacks more worrisome.
“The year-after-year increase in vulnerabilities being disclosed is clear, but there is no better example of the growing threats than this: in the last 24 hours, while finishing the Q1 2019 report, we pushed 241 new vulnerabilities to VulnDB,” commented Martin. “That should be an eye-opener and a serious concern to any organization, regardless of size or industry.”
About the Vulnerability QuickView Report
The VulnDB QuickView report is made possible by the research conducted by Risk Based Security. It is designed to provide an executive-level summary of the key findings from RBS’ aggregation of vulnerabilities disclosed in Q1 2019. Contact Risk Based Security for a specific analysis of the vulnerabilities of critical relevance to your organization.