Vulnerabilities in Veritas backup software and Computer Associates BrightStor ARCServe Backup are very troubling, according to the SANSInstitute and the team of experts who compiled the update.
"Backup software is typically at the core of critical and important data for any organization," said Gerhard Eschelbeck, CTO at Qualys. "Compromise of a backup infrastructure is equal to compromise of a complete organization."
The update also cites several vulnerabilities in Microsoft products, including Internet Explorer, Oracle, Apple iTunes, and Firefox.
The report, which is an update to the SANS Top 20 list published annually in the fall, was culled from 422 new vulnerabilities discovered in the second quarter of this year. That number represents nearly a 20 percent increase from the number of flaws found in the second quarter of 2004.
"These critical vulnerabilities are widespread and many of them are being exploited right now," said Alan Paller, director of research at the SANS Institute. "We're publishing this list as a red flag for individuals as well as IT departments."
SANS began releasing quarterly updates to its annual list this year. Details are available at www.sans.org