Commonly exploited application

What has been found

Commonly exploited application.

Software was detected that is widely used, but also widely exploited - often very quickly after new vulnerabilities are discovered.

Why this is a potential risk

Software was detected that is widely used, but also widely exploited - often very quickly after new vulnerabilityies are discovered. Such services, when exposed to the internet, become attractive targets for attackers. They can be used as entry points for various attacks such as ransomware, data exfiltration, or unauthorised access. Best practice is to restrict these services to trusted internal networks.

Potential solutions/Improvements

• Immediately patch the software if vulnerabilities have been disclosed recently.

• Subscribe to the vendor’s security advisory feed or use a vulnerability intelligence tool.

• Restrict access from the internet where possible — expose only if business-critical.

• Use Web Application Firewalls (WAFs) or reverse proxies with virtual patching.

• Monitor exploit attempts using an IDS or EDR solution.

• Implement a software bill of materials (SBOM) to track dependencies in custom apps.

How to verify it is resolved:

• Perform external and internal vulnerability scans against the affected software.

• Confirm that the running version matches the latest secure release.

• Validate that access is controlled (via firewall rules, authentication, or segmentation).

• Check for active exploit attempts in logs or SIEM.

External references

• NCSC – Advice and Guidance
• CISA – Known Exploited Vulnerabilities Catalog
• OWASP – Vulnerable and Outdated Components