
CWE-1104 (Use of Unmaintained Third Party Components) — Vulnerability Class 13

13 vulnerabilities classified as CWE-1104 (Use of Unmaintained Third Party Components). AI Chinese analysis included.

CWE-1104 is a supply chain weakness in which software depends on third-party components that no longer receive maintenance or security support from their original developers or a trusted proxy. Attackers typically exploit it by identifying known, unpatched flaws in these obsolete libraries and using them for remote code injection, data exfiltration, or privilege escalation. Because unmaintained components stop receiving security updates, they remain persistent entry points for adversaries seeking to bypass otherwise modern defenses. Mitigation requires rigorous dependency management: regular automated audits to find outdated packages, and a firm policy of replacing unsupported libraries with actively maintained alternatives. Continuously monitoring vulnerability databases and integrating software composition analysis (SCA) tools into the CI/CD pipeline further ensures that only current, supported components reach the final product, reducing the attack surface associated with legacy code.

MITRE CWE Description
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
Common Consequences (1)
Scope: Other
Impact: Reduce Maintainability; Varies by Context
Relying on unmaintained components makes it difficult or impossible to fix significant bugs and vulnerabilities, can render code obsolete, and undermine security by complicating maintenance and increasing the risk of new vulnerabilities.
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-41468 | Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection | SicuroWeb (Sicuro24) | 8.7 | High | 2026-04-22
CVE-2025-55277 | HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability | Aftermarket DPC | 2.6 | Low | 2026-03-26
CVE-2025-12104 | Incorrect Content-Type Header | BLU-IC2 | 8.1 (AI) | High (AI) | 2025-10-23
CVE-2025-52658 | HCL MyXalytics is affected by the use of vulnerable/outdated versions | MyXalytics | 3.5 | Low | 2025-10-03
CVE-2025-34192 | Vasion Print (formerly PrinterLogic) Usage of Outdated and Unsupported OpenSSL Version | Print Virtual Appliance Host | 9.1 | - | 2025-09-19
CVE-2025-10220 | Outdated Third-Party NuGet Packages in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 | AxxonOne C-Werk | 9.8 | Critical | 2025-09-10
CVE-2025-48862 | BOSCH ctrlX OS security vulnerability | ctrlX OS - Setup | 7.1 | High | 2025-08-14
CVE-2025-3497 | Radiflow iSAP Smart Collector Linux distribution unmaintained | iSAP Smart Collector | 8.7 | High | 2025-07-09
CVE-2024-11999 | Schneider Electric multiple products security vulnerability | Harmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure Operator Terminal Expert runtime | 8.8 | High | 2024-12-17
CVE-2024-8885 | Sophos Intercept X security vulnerability | Sophos Intercept X | 8.8 | High | 2024-10-02
CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | Azure Storage | 7.5 | High | 2024-06-11
CVE-2023-7102 | Remote Code Execution (RCE) Vulnerability | Barracuda ESG Appliance | 9.8 | - | 2023-12-24
CVE-2021-22142 | Kibana Reporting vulnerabilities | Kibana | 6.6 | Medium | 2023-11-22

Vulnerabilities classified as CWE-1104 (Use of Unmaintained Third Party Components) represent 13 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.