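CWE-319 Cleartext Transmission of Sensitive Information: vulnerability list (354)

A summary of 354 CVEs in the weakness class CWE-319 (Cleartext Transmission of Sensitive Information), with AI analysis in Chinese.

CWE-319 covers sensitive information that is sent in cleartext during communication, where it can easily be captured by network sniffing. Attackers typically use man-in-the-middle attacks or public Wi-Fi environments to intercept the data and steal credentials or private information. Developers should avoid unencrypted protocols such as HTTP, enforce TLS/SSL-encrypted transport, and apply end-to-end encryption to critical data, so that intercepted data cannot be read and the communication stays secure.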

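MITRE CWE official description
CWE: CWE-319 Cleartext Transmission of Sensitive Information. English: The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Common consequences (2)
Integrity, Confidentiality · Read Application Data, Modify Files or Directories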
Anyone can read the information by gaining access to the channel being used for communication. Many communication channels can be "sniffed" (monitored) by adversaries during data transmission. For example, in networking, packets can traverse many intermediary nodes from the source to the destination…
Integrity, Confidentiality · Read Application Data, Modify Files or Directories, Other
When full communications are recorded or logged, such as with a packet dump, an adversary could attempt to obtain the dump long after the transmission has occurred and try to "sniff" the cleartext from the recorded communications in the dump itself. Even if the information is encoded in a way that i…
Mitigations (5)
Architecture and Design: Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Implementation: When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Implementation: When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Testing: Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Operation: Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
Code examples (2)
The following code attempts to establish a connection to a site to communicate sensitive information.
Bad · Java

    try {
        // Weakness: the URL scheme is http://, so the request is sent unencrypted
        URL u = new URL("http://www.secret.example.org/");
        HttpURLConnection hu = (HttpURLConnection) u.openConnection();
        hu.setRequestMethod("PUT");
        hu.connect();
        OutputStream os = hu.getOutputStream();
        hu.disconnect();
    } catch (IOException e) {
        //...
    }

In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2025-59852 | HCL DFXAnalytics insufficient transport layer protection vulnerability — DFXAnalytics | 3.7 | Low | 2026-05-06 |
| CVE-2026-7610 | TRENDnet TEW-821DAP cleartext transmission vulnerability in ssi during firmware upgrade — TEW-821DAP | 3.7 | Low | 2026-05-02 |
| CVE-2026-42514 | CDAC e-Sushrut security vulnerability — e-Sushrut, Hospital Management Information System (HMIS) | 9.8 (AI) | Critical (AI) | 2026-04-29 |
| CVE-2026-40431 | SenseLive X3050 security vulnerability — X3050 | 5.3 | Medium | 2026-04-23 |
| CVE-2026-41275 | Flowise security vulnerability — Flowise | 6.8 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2025-31981 | HCL BigFix Service Management Discovery security vulnerability — BigFix Service Management (SM) | 5.3 | Medium | 2026-04-21 |
| CVE-2026-40045 | OpenClaw security vulnerability — OpenClaw | 5.7 | Medium | 2026-04-20 |
| CVE-2026-6066 | ConnectWise Automate security vulnerability — Automate | 7.1 | High | 2026-04-20 |
| CVE-2026-33569 | Anviz CX2 Lite security vulnerability — Anviz CX7 Firmware | 6.5 | Medium | 2026-04-17 |
| CVE-2026-22155 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise security vulnerability — FortiSOAR on-premise | 6.2 | Medium | 2026-04-14 |
| CVE-2026-21742 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise security vulnerability — FortiSOAR PaaS | 5.4 | Medium | 2026-04-14 |
| CVE-2026-31923 | Apache Apisix security vulnerability — Apache APISIX | 7.5 | - | 2026-04-14 |
| CVE-2026-31924 | Apache Apisix security vulnerability — Apache APISIX | 7.5 | - | 2026-04-14 |
| CVE-2026-5115 | PaperCut NG/MF security vulnerability — Papercut NG/MF | 7.1 (AI) | High (AI) | 2026-03-31 |
| CVE-2026-5119 | libsoup security vulnerability — Red Hat Enterprise Linux 8 | 5.9 | Medium | 2026-03-30 |
| CVE-2026-1014 | IBM InfoSphere Information Server security vulnerability — InfoSphere Information Server | 6.5 | Medium | 2026-03-25 |
| CVE-2025-64648 | IBM Concert security vulnerability — Concert | 5.9 | Medium | 2026-03-25 |
| CVE-2026-20115 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 6.1 | Medium | 2026-03-25 |
| CVE-2026-4584 | HCCTG MPOS M6 PLUS security vulnerability — MPOS M6 PLUS | 3.1 | Low | 2026-03-23 |
| CVE-2026-24060 | Automated Logic WebCtrl security vulnerability — WebCTRL Premium Server | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32309 | Cryptomator security vulnerability — cryptomator | 9.1 | - | 2026-03-20 |
| CVE-2026-32838 | Edimax GS-5008PL security vulnerability — Edimax GS-5008PL | 7.5 | High | 2026-03-17 |
| CVE-2025-13718 | IBM Sterling Partner Engagement Manager security vulnerability — Sterling Partner Engagement Manager | 3.7 | Low | 2026-03-13 |
| CVE-2026-23661 | Microsoft Azure IoT Explorer security vulnerability — Azure IoT Explorer | 7.5 | High | 2026-03-10 |
| CVE-2026-2671 | Mendi Neurofeedback Headset security vulnerability — Neurofeedback Headset | 3.1 | Low | 2026-03-07 |
| CVE-2026-30796 | RustDesk Server PRO security vulnerability — RustDesk Server Pro | 6.2 | - | 2026-03-05 |
| CVE-2026-30795 | RustDesk security vulnerability — RustDesk Client | 7.5 | - | 2026-03-05 |
| CVE-2026-20801 | Gallagher NxWitness VMS security vulnerability — NxWitness VMS and Hanwha VMS Integrations | 5.6 | Medium | 2026-03-03 |
| CVE-2026-27752 | SODOLA SL902-SWTGW124AS security vulnerability — SODOLA SL902-SWTGW124AS | 5.9 | Medium | 2026-02-27 |
| CVE-2026-24455 | Jinan USR IOT USR-W610 security vulnerability — USR-W610 | 7.5 | High | 2026-02-20 |

CWE-319 (Cleartext Transmission of Sensitive Information) is a common weakness category; this platform lists 354 CVEs associated with it.