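CWE-311 Missing Encryption of Sensitive Data: vulnerability list (257)

A summary of 257 CVE vulnerabilities in the CWE-311 Missing Encryption of Sensitive Data weakness class, with AI-generated Chinese-language analysis.

CWE-311 covers security weaknesses in which sensitive data is not protected by encryption while it is stored or transmitted. Attackers typically eavesdrop on network traffic or gain unauthorized access to storage media and read the sensitive information directly in plaintext, which results in data disclosure. Developers should avoid this risk by applying strong encryption algorithms to critical data such as passwords and personally identifiable information, and by using secure protocols such as TLS in transit, to protect the confidentiality and integrity of the data.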

MITRE CWE official description
CWE: CWE-311 Missing Encryption of Sensitive Data
English description: The product does not encrypt sensitive or critical information before storage or transmission.
Common consequences (2)
Confidentiality: Read Application Data
If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to…
Confidentiality, Integrity: Modify Application Data
Omitting the use of encryption in any program which transfers data over a network of any kind should be considered on par with delivering the data sent to each user on the local networks of both the sender and receiver. Worse, this omission allows for the injection of data into a stream of communica…
Mitigations (5)
Requirements: Clearly specify which data or resources are valuable enough that they should be protected by encryption. Require that any transmission or storage of this data/resource should use well-vetted encryption algorithms.
Architecture and Design: Ensure that encryption is properly integrated into the system design, including but not necessarily limited to: encryption that is needed to store or transmit private data of the users of the system; encryption that is needed to protect the system itself from unauthorized disclosure or tampering. Identify the separate needs and contexts for encryption: One-way (i.e., only the user or recipient needs…
Architecture and Design: When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis. For example, US government systems require FIPS 1…
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Implementation, Architecture and Design: When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
Code examples (2)
This code writes a user's login information to a cookie so the user does not have to log in again later.

    function persistLogin($username, $password) {
        $data = array("username" => $username, "password" => $password);
        setcookie("userdata", $data);
    }

Bad · PHP
The following code attempts to establish a connection, read in a password, then store it to a buffer.

    server.sin_family = AF_INET;
    hp = gethostbyname(argv[1]);
    if (hp == NULL) error("Unknown host");
    memcpy((char *)&server.sin_addr, (char *)hp->h_addr, hp->h_length);
    if (argc < 3) port = 80;
    else port = (unsigned short)atoi(argv[3]);
    server.sin_port = htons(port);
    if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0) error("Connecting");
    ...
    while ((n = read(sock, buffer, BUFSIZE - 1)) != -1) {
        write(dfd, password_buffer, n);
        ...

Bad · C
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-34486 | Apache Tomcat security vulnerability — Apache Tomcat | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-34992 | Antrea security vulnerability — antrea | 7.5 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-28678 | DSA Study Hub security vulnerability — DSA-with-tsx | 8.1 | High | 2026-03-07 |
| CVE-2026-27944 | Nginx UI security vulnerability — nginx-ui | 9.8 | Critical | 2026-03-05 |
| CVE-2025-15548 | TP-Link VX800v security vulnerability — VX800v v1.0 | 6.5 (AI) | Medium (AI) | 2026-01-29 |
| CVE-2025-13453 | Lenovo ThinkPlus security vulnerability — ThinkPlus FU100 | 4.6 | Medium | 2026-01-14 |
| CVE-2025-36751 | Growatt ShineLan-X security vulnerability — ShineLan-X | 7.4 (AI) | High (AI) | 2025-12-13 |
| CVE-2025-13053 | ASUSTOR ADM security vulnerability — ADM | 3.7 (AI) | Low (AI) | 2025-12-12 |
| CVE-2025-59410 | Dragonfly security vulnerability — dragonfly | 5.9 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-10227 | AxxonSoft AxxonOne security vulnerability — AxxonOne C-Werk | 4.6 | Medium | 2025-09-10 |
| CVE-2025-31977 | HCL BigFix SM security vulnerability — BigFix Service Management (SM) | 5.3 | Medium | 2025-08-28 |
| CVE-2024-41982 | Siemens multiple products security vulnerability — SmartClient modules Opcenter QL Home (SC) | 4.8 | Medium | 2025-08-12 |
| CVE-2024-41980 | Siemens SmartClient modules Opcenter QL Home security vulnerability — SmartClient modules Opcenter QL Home (SC) | 3.1 | Low | 2025-08-12 |
| CVE-2025-8763 | Ruijie EG306MG security vulnerability — EG306MG | 3.7 | Low | 2025-08-09 |
| CVE-2025-40680 | Capillary.io CapillaryScope security vulnerability — CapillaryScope | 5.5 | - | 2025-07-24 |
| CVE-2025-33020 | IBM Engineering Systems Design Rhapsody security vulnerability — Engineering Systems Design Rhapsody | 5.9 | Medium | 2025-07-23 |
| CVE-2025-36062 | IBM Cognos Analytics Mobile security vulnerability — Cognos Analytics Mobile | 5.9 | Medium | 2025-07-21 |
| CVE-2025-24008 | Siemens SIRIUS 3RK3 Modular Safety System and Siemens SIRIUS Safety Relays 3SK2 security vulnerability — SIRIUS 3RK3 Modular Safety System (MSS) | 6.5 | Medium | 2025-05-13 |
| CVE-2025-47274 | ToolHive security vulnerability — toolhive | 6.5 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2023-37405 | IBM Cloud Pak System security vulnerability — Cloud Pak System | 6.5 | Medium | 2025-03-27 |
| CVE-2025-1243 | api-go security vulnerability — api-go library | 8.2 | - | 2025-02-12 |
| CVE-2024-38325 | IBM Storage Defender security vulnerability — Storage Defender - Resiliency Service | 5.9 | Medium | 2025-01-27 |
| CVE-2024-7142 | CloudVision Portal security vulnerability — CloudVision Appliance | 4.6 | Medium | 2025-01-10 |
| CVE-2024-56439 | Huawei HarmonyOS security vulnerability — HarmonyOS | 7.5 | High | 2025-01-08 |
| CVE-2024-47871 | Gradio security vulnerability — gradio | 9.1 (AI) | Critical (AI) | 2024-10-10 |
| CVE-2024-20515 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine Software | 6.5 | Medium | 2024-10-02 |
| CVE-2023-52948 | Synology Active Backup for Business Agent security vulnerability — Synology Active Backup for Business Agent | 5.0 | Medium | 2024-09-26 |
| CVE-2023-52950 | Synology Active Backup for Business Agent security vulnerability — Synology Active Backup for Business Agent | 5.3 | Medium | 2024-09-26 |
| CVE-2024-42495 | Hughes WL3000 Fusion Software security vulnerability — WL3000 Fusion Software | 6.5 | Medium | 2024-09-05 |
| CVE-2024-40620 | Rockwell Automation Pavilion8 security vulnerability — Pavilion8® | 7.5 (AI) | High (AI) | 2024-08-14 |

CWE-311 (Missing Encryption of Sensitive Data) is a common weakness category; this platform lists 257 CVE vulnerabilities associated with it.