* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* Xpanse Covers Top Vulnera...

# Xpanse Covers Top Vulnerabilities Warned of by CISA

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxpanse-covers-top-vulnerabilities-warned-of-by-cisa%2F)  
[](https://twitter.com/share?text=Xpanse+Covers+Top+Vulnerabilities+Warned+of+by+CISA&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxpanse-covers-top-vulnerabilities-warned-of-by-cisa%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxpanse-covers-top-vulnerabilities-warned-of-by-cisa%2F&title=Xpanse+Covers+Top+Vulnerabilities+Warned+of+by+CISA&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/xpanse-covers-top-vulnerabilities-warned-of-by-cisa/&ts=markdown)  
\[\](mailto:?subject=Xpanse Covers Top Vulnerabilities Warned of by CISA)  
Link copied  
By [Alyssa Ramella](https://www.paloaltonetworks.com/blog/author/alyssa-ramella/?ts=markdown "Posts by Alyssa Ramella")  
Aug 14, 2023  
3 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)  
[Attack Surface Management](https://www.paloaltonetworks.com/blog/tag/attack-surface-management/?ts=markdown)  
[CISA](https://www.paloaltonetworks.com/blog/tag/cisa/?ts=markdown)  
[Cortex Xpanse](https://www.paloaltonetworks.com/blog/tag/cortex-xpanse/?ts=markdown)  
[Vulnerabilities](https://www.paloaltonetworks.com/blog/tag/vulnerabilities/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)

In the fast-evolving world of technology and interconnectedness, cyberthreats have become a formidable challenge for businesses, governments, and individuals alike. To stay ahead in this relentless cat-and-mouse game with cybercriminals, the Cybersecurity and Infrastructure Security Agency (CISA) has released a comprehensive report on the ["2022 Top Routinely Exploited Vulnerabilities."](https://www.cisa.gov/sites/default/files/2023-08/aa23-215a_joint_csa_2022_top_routinely_exploited_vulnerabilities.pdf) This report sheds light on some of the most pervasive vulnerabilities that threat actors have consistently targeted and are expected to continue targeting in the future. To get ahead of threat actors, Cortex Xpanse uses policies to alert customers of any vulnerable assets facing the internet.

**The Landscape of Major Vulnerabilities**

The "2022 Top Routinely Exploited Vulnerabilities" touches on significant vulnerabilities spanning various technologies, including VMware, Fortinet, and Microsoft products. These widely used platforms have been exploited repeatedly, making them attractive targets for cybercriminals seeking to compromise digital assets.

**Empowering Organizations with Xpanse's Cutting-Edge Solutions**

While security teams may have the capacity to remediate these issues, being able to find every vulnerable asset connected to your organization can be a challenge. Automating discovery and inventory of assets and exposures it a necessity in a world where assets move, change, and are created in dynamic fashion.

Through continuous indexing of assets across the internet, Xpanse's researchers have discovered vulnerable instances of several critical technologies:

* VMWare Workspace One Access: At least 1,072 instances
* VMWare Workspace One Intelligence: 385 instances
* VMWare Workspace One Administrative Configurator: 80 instances

Xpanse has created a series of robust policies in the platform to identify assets exposed to these popular exploits.

Below is a list of top CVEs according to CISA and their associated Xpanse policy:

|      **CVE**       |                    **Xpanse Policy**                    |
| **CVE-2018-13379** |                  **Fortinet FortiOS**                   |
| **CVE-2021-34473** |         **Insecure Microsoft Exchange Server**          |
| **CVE-2021-31207** |         **Insecure Microsoft Exchange Server**          |
| **CVE-2021-34523** |         In**secure Microsoft Exchange Server**          |
|   CVE-2021-40539   |          Zoho ManageEngine ADSelfService Plus           |
|   CVE-2021-26084   |            Atlassian Confluence Data Center             |
|   CVE-2021-26084   |        Insecure Atlassian Confluence Data Center        |
|   CVE-2021-26084   |               Atlassian Confluence Server               |
|   CVE-2021-26084   |          Insecure Atlassian Confluence Server           |
|   CVE-2022-22960   |           VMware Workspace ONE Access Server            |
|   CVE-2022-22960   |    VMware Workspace One Administrative Configurator     |
|   CVE-2022-22954   |           VMware Workspace ONE Access Server            |
|   CVE-2022-22954   |    VMware Workspace One Administrative Configurator     |
|   CVE-2022-1388    |       F5 BIG-IP Advanced Web Application Firewall       |
|   CVE-2022-1388    |             F5 BIG-IP Access Policy Manager             |
|   CVE-2022-1388    |                     F5 BIG-IP TMUI                      |
|   CVE-2022-1388    |                   F5 BIG-IP Platform                    |
|   CVE-2022-30190   |            Microsoft Windows Server 2012 R2             |
|   CVE-2022-26134   |            Atlassian Confluence Data Center             |
|   CVE-2022-26134   |        Insecure Atlassian Confluence Data Center        |
|   CVE-2022-26134   |               Atlassian Confluence Server               |
|   CVE-2022-26134   |          Insecure Atlassian Confluence Server           |
|   CVE-2021-44228   |            Log4Shell-Vulnerable Apache Solr             |
|   CVE-2021-44228   |  Log4Shell-Vulnerable IBM WebSphere Application Server  |
|   CVE-2021-44228   |      Log4Shell-Vulnerable SonicWall Email Security      |
|   CVE-2021-44228   | Log4Shell-Vulnerable VMware Workspace ONE Access Server |
|--------------------|---------------------------------------------------------|

As the digital landscape continues to expand, so do the cyberthreats. The topics covered in the "2022 Top Routinely Exploited Vulnerabilities" report highlights how critical attack surface management solutions are to a fully holistic approach to Zero Trust. By leveraging Xpanse's ability to index the global internet, organizations fill crucial gaps in their data and can truly leverage the rest of their security toolbox to safeguard all critical assets.

[Request a demo today](https://start.paloaltonetworks.com/demo-request)

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### MOVEit or Lose it: Securing assets from critical MOVEit flaw with Xpanse ASM](https://www2.paloaltonetworks.com/blog/security-operations/moveit-or-lose-it-securing-assets-from-critical-moveit-flaw-with-xpanse-asm/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Cortex Xpanse: Two-Time Leader, Outperformer, Market-Beater](https://www2.paloaltonetworks.com/blog/security-operations/cortex-xpanse-only-leader-and-outperformer-in-gigaom-radar-asm-evaluation/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Discover Your VMware ESXi Exposures with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/discover-your-vmware-esxi-exposures-with-cortex-xpanse/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Find and Fix Your Unknown Risk With Active Attack Surface Management](https://www2.paloaltonetworks.com/blog/2022/12/active-attack-surface-management-with-cortex-xpanse/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Automate Insecure OpenSSH vulnerability patching in Ubuntu AWS EC2 with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/automate-insecure-openssh-vulnerability-patching-in-ubuntu-aws-ec2-with-cortex-xpanse/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Get Ahead of Chrome Changes with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/get-ahead-of-chrome-changes-with-cortex-xpanse/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language