CWE-284 Improper Access Control: summary of 2086 CVE vulnerabilities in this weakness class, with AI-generated Chinese analysis.
CWE-284 is an access control weakness: the product does not correctly restrict, or does not restrict at all, access to a resource by an unauthorised actor. Attackers typically bypass authentication or permission checks to read sensitive data directly or perform privileged operations. Developers should avoid this class of issue by strictly implementing authentication and authorisation mechanisms, ensuring that only legitimate users can access a given resource, and logging operations to improve traceability, thereby preventing unauthorised access.
The two demonstrative examples below are taken from the CWE entry. The first (Python) raises privileges to create a home directory but does not lower them again on the failure path; the second (PHP) returns an employee record to any caller without checking that the requesting user is authorised to read it.

```python
import os

# invalidUsername(), raisePrivileges() and lowerPrivileges() are assumed to be
# defined elsewhere in the application; they are not part of this snippet.

def makeNewUserDir(username):
    if invalidUsername(username):
        # avoid CWE-22 and CWE-78
        print('Usernames cannot contain invalid characters')
        return False
    try:
        raisePrivileges()
        os.mkdir('/home/' + username)
        lowerPrivileges()
    except OSError:
        # Weakness illustrated by the example: if os.mkdir() raises, lowerPrivileges()
        # is never reached and the process keeps its elevated privileges.
        print('Unable to create new user directory for user:' + username)
        return False
    return True
```

```php
<?php
// Weakness illustrated by the example: the record is returned to whoever supplies
// a name; there is no check that the current user may view that employee's data.
function runEmployeeQuery($dbName, $name) {
    global $globalDbHandle;  // PDO handle created elsewhere; 'global' is needed inside a function
    // Select the database on the PDO handle (the original called the removed mysql_select_db() API)
    $globalDbHandle->exec('USE ' . $dbName) !== false
        or die("Could not open Database" . $dbName);
    // Use a prepared statement to avoid CWE-89
    $preparedStatement = $globalDbHandle->prepare('SELECT * FROM employees WHERE name = :name');
    $preparedStatement->execute(array(':name' => $name));
    return $preparedStatement->fetchAll();
}
/* ... */
$employeeRecord = runEmployeeQuery('EmployeeDB', $_GET['EmployeeName']);
```

| CVE ID | Title | CVSS | Risk Level | Published |
|---|---|---|---|---|
| CVE-2023-23911 | Rocket Chat Cryptographic Issues Vulnerability — Rocket.Chat | 7.5 | - | 2023-03-10 |
| CVE-2023-25605 | Fortinet FortiSOAR Security Vulnerability — FortiSOAR | 7.5 | High | 2023-03-07 |
| CVE-2022-40539 | Qualcomm Chipset Input Validation Error Vulnerability — Snapdragon | 8.4 | High | 2023-03-07 |
| CVE-2023-26471 | XWiki Platform Security Vulnerability — xwiki-platform | 10.0 | Critical | 2023-03-02 |
| CVE-2023-26473 | XWiki Platform Security Vulnerability — xwiki-platform | 6.5 | Medium | 2023-03-02 |
| CVE-2023-26474 | XWiki Platform Access Control Error Vulnerability — xwiki-platform | 10.0 | Critical | 2023-03-02 |
| CVE-2023-25821 | Nextcloud Security Vulnerability — security-advisories | 5.7 | Medium | 2023-02-24 |
| CVE-2023-1007 | Filseclab Twister Antivirus Access Control Error Vulnerability — Antivirus | 5.3 | Medium | 2023-02-24 |
| CVE-2023-0998 | Alphaware Simple E-Commerce System Access Control Error Vulnerability — Alphaware Simple E-Commerce System | 6.5 | Medium | 2023-02-24 |
| CVE-2023-0963 | Music Gallery Site Access Control Error Vulnerability — Music Gallery Site | 7.3 | High | 2023-02-22 |
| CVE-2023-22920 | Zyxel LTE3316-M604 Security Vulnerability — LTE3316-M604 | 9.8 | Critical | 2023-02-21 |
| CVE-2023-0916 | Auto Dealer Management System Security Vulnerability — Auto Dealer Management System | 6.3 | Medium | 2023-02-19 |
| CVE-2023-22232 | Adobe Connect Access Control Error Vulnerability — Connect | 5.3 | Medium | 2023-02-17 |
| CVE-2023-23923 | Moodle Security Vulnerability | 8.2 | - | 2023-02-17 |
| CVE-2023-24484 | Citrix Workspace App Security Vulnerability — Citrix Workspace App for Windows | - | - | 2023-02-16 |
| CVE-2023-24485 | Citrix Workspace App Security Vulnerability — Citrix Workspace App for Windows | 7.8 | - | 2023-02-16 |
| CVE-2023-22807 | LS ELECTRIC XBC-DN32U Access Control Error Vulnerability — XBC-DN32U | 9.8 | Critical | 2023-02-15 |
| CVE-2023-22805 | LS ELECTRIC XBC-DN32U Access Control Error Vulnerability — XBC-DN32U | 6.5 | Medium | 2023-02-15 |
| CVE-2023-21717 | Microsoft SharePoint Security Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2023-02-14 |
| CVE-2023-21777 | Microsoft Azure App Service Security Vulnerability — Azure App Service on Azure Stack Hub | 8.7 | High | 2023-02-14 |
| CVE-2023-25149 | Timescale TimescaleDB Access Control Error Vulnerability — timescaledb | 8.8 | High | 2023-02-14 |
| CVE-2023-23835 | Siemens Mendix Access Control Error Vulnerability — Mendix Applications using Mendix 7 | 5.9 | Medium | 2023-02-14 |
| CVE-2023-25161 | Nextcloud Security Vulnerability — security-advisories | 3.7 | Low | 2023-02-13 |
| CVE-2023-25159 | Nextcloud Security Vulnerability — security-advisories | 2.3 | Low | 2023-02-13 |
| CVE-2022-46754 | Dell Wyse Management Suite Security Vulnerability — Wyse Management Suite | 8.7 | High | 2023-02-10 |
| CVE-2022-46755 | Dell Wyse Management Suite Security Vulnerability — Wyse Management Suite | 4.9 | Medium | 2023-02-10 |
| CVE-2022-46677 | Dell Wyse Management Suite Security Vulnerability — Wyse Management Suite | 6.8 | Medium | 2023-02-10 |
| CVE-2022-46678 | Dell Wyse Management Suite Security Vulnerability — Wyse Management Suite | 4.9 | Medium | 2023-02-10 |
| CVE-2022-46676 | Dell Wyse Management Suite Security Vulnerability — Wyse Management Suite | 4.9 | Medium | 2023-02-10 |
| CVE-2022-33243 | Qualcomm IPC Security Vulnerability — Snapdragon | 8.4 | High | 2023-02-09 |
CWE-284 (Improper Access Control) is a common weakness category; this platform has collected 2086 CVE vulnerabilities associated with it.