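CWE-353 Missing Support for Integrity Check: vulnerability list (30)

A summary of 30 CVE vulnerabilities under the weakness class CWE-353 Missing Support for Integrity Check, with AI analysis in Chinese.

CWE-353 describes a product that uses a transmission protocol lacking any data integrity verification mechanism such as a checksum. Attackers commonly exploit this flaw to tamper with data in transit, while the receiver cannot tell whether the content has been maliciously modified or corrupted. Developers should avoid protocols without integrity protection, or introduce mechanisms such as hash verification or digital signatures at the application layer, so that data integrity is ensured before and after transmission and the risk of tampering is effectively reduced.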

MITRE CWE official description

CWE: CWE-353 Missing Support for Integrity Check

Description: The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

If integrity check values or "checksums" are omitted from a protocol, there is no way of determining whether data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end principle of checks states that integrity checks should be performed at the lowest level at which they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checking, because it can be performed more completely than at any previous level and takes into account entire messages rather than single packets.

Common consequences (2)

Scope: Integrity, Other. Impact: Other.
Data that is parsed and used may be corrupted.

Scope: Non-Repudiation, Other. Impact: Hide Activities, Other.
Without a checksum it is impossible to determine if any changes have been made to the data after it was sent.

Mitigations (2)

Architecture and Design: Add an appropriately sized checksum to the protocol, ensuring that data received may be simply validated before it is parsed and used.

Implementation: Ensure that the checksums present in the protocol design are properly implemented and added to each message before it is sent.
Code example (1)

In this example, a request packet is received, and privileged information is sent to the requester:

Bad · Java

    while (true) {
        // Receive a request; nothing in it is checked for integrity.
        DatagramPacket rp = new DatagramPacket(rData, rData.length);
        outSock.receive(rp);
        InetAddress IPAddress = rp.getAddress();
        int port = rp.getPort();
        // Reply with the secret to whatever address and port the packet carried.
        out = secret.getBytes();
        DatagramPacket sp = new DatagramPacket(out, out.length, IPAddress, port);
        outSock.send(sp);
    }
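
An added example (not MITRE's code and not taken from any product listed on this page) of the application-layer mitigation described above: every message carries an HMAC-SHA256 tag that the receiver verifies before the payload is used. A keyed MAC is used instead of a plain checksum so that deliberate modification is detected as well as corruption; the frame layout, the class name and the demo key are assumptions made for this example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class IntegrityFrame {
    static final int TAG_LEN = 32; // HMAC-SHA256 output size in bytes

    // Assumed frame layout: 4-byte payload length | payload | 32-byte tag over both.
    static byte[] seal(byte[] key, byte[] payload) throws Exception {
        ByteBuffer buf = ByteBuffer.allocate(4 + payload.length + TAG_LEN);
        buf.putInt(payload.length).put(payload);
        buf.put(tag(key, buf.array(), 4 + payload.length));
        return buf.array();
    }

    // Returns the payload only if the tag verifies; rejects the frame before any parsing.
    static byte[] open(byte[] key, byte[] frame, int frameLen) throws Exception {
        if (frameLen < 4 + TAG_LEN) throw new SecurityException("frame too short");
        int n = ByteBuffer.wrap(frame, 0, 4).getInt();
        if (n < 0 || n != frameLen - 4 - TAG_LEN) throw new SecurityException("length mismatch");
        byte[] expected = tag(key, frame, 4 + n);
        byte[] received = Arrays.copyOfRange(frame, 4 + n, frameLen);
        // Constant-time comparison, so timing does not reveal how many tag bytes matched.
        if (!MessageDigest.isEqual(expected, received)) throw new SecurityException("bad tag");
        return Arrays.copyOfRange(frame, 4, 4 + n);
    }

    static byte[] tag(byte[] key, byte[] data, int len) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(data, 0, len);
        return mac.doFinal();
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and message; a real key comes from key management.
        byte[] key = "constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8);
        byte[] frame = seal(key, "GET status".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(open(key, frame, frame.length), StandardCharsets.UTF_8));
        frame[6] ^= 0x01; // simulate one payload bit changed in transit
        try {
            open(key, frame, frame.length);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A valid tag shows only that the frame is unmodified and was produced by a key holder; it does not stop an old frame from being replayed, which needs a sequence number or nonce inside the authenticated data.
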
| CVE ID | Title | Affected product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42428 | OpenClaw security vulnerability | OpenClaw | 7.1 | High | 2026-04-28 |
| CVE-2026-3856 | IBM DB2 Recovery Expert security vulnerability | Db2 Recovery Expert | 5.3 | Medium | 2026-03-17 |
| CVE-2025-10010 | CPSD CryptoPro Secure Disk security vulnerability | CryptoPro Secure Disk for BitLocker | 7.1 (AI) | High (AI) | 2026-02-24 |
| CVE-2025-15364 | WordPress plugin Download Manager security vulnerability | Download Manager | 7.3 | High | 2026-01-06 |
| CVE-2026-21437 | eopkg security vulnerability | eopkg | 3.7 | - | 2026-01-01 |
| CVE-2025-48500 | F5 BIG-IP Edge Client security vulnerability | BIG-IP Edge Client | 7.3 | High | 2025-08-13 |
| CVE-2025-48811 | Microsoft Windows Virtualization-Based Security Enclave security vulnerability | Windows 10 Version 1507 | 6.7 | Medium | 2025-07-08 |
| CVE-2025-48803 | Microsoft Windows Virtualization-Based Security Enclave security vulnerability | Windows 10 Version 1507 | 6.7 | Medium | 2025-07-08 |
| CVE-2024-43108 | goTenna Pro security vulnerability | Pro ATAK Plugin | 5.3 | Medium | 2024-09-26 |
| CVE-2024-47123 | goTenna Pro security vulnerability | Pro | 5.3 | Medium | 2024-09-26 |
| CVE-2023-32475 | Dell BIOS security vulnerability | CPG BIOS | 7.6 | High | 2024-06-07 |
| CVE-2022-24404 | TETRA BURST security vulnerability | TETRA Standard | 5.9 | Medium | 2023-10-19 |
| CVE-2023-29290 | Adobe Commerce security vulnerability | Magento Commerce | 5.3 | Medium | 2023-06-15 |
| CVE-2022-2793 | Emerson Proficy Machine Edition data forgery vulnerability | Proficy Machine Edition | 5.9 | Medium | 2022-08-19 |
| CVE-2020-7878 | VideoOffice data forgery vulnerability | VideoOffice | 9.8 | - | 2021-12-28 |
| CVE-2021-26610 | Nhn Commerce Godomall5 data forgery vulnerability | godomall5 Std, godomall5 Pro | 7.2 | High | 2021-10-27 |
| CVE-2021-38396 | Boston Scientific Zoom Latitude Programmer/Recorder/Monitor Model 3120 data forgery vulnerability | ZOOM LATITUDE | 6.5 | Medium | 2021-10-04 |
| CVE-2021-26608 | Handysoft data forgery vulnerability | HShell.dll | 8.8 | High | 2021-09-09 |
| CVE-2021-28546 | Adobe Acrobat Reader DC security vulnerability | Acrobat Reader | 6.5 | Medium | 2021-04-01 |
| CVE-2021-28545 | Adobe Acrobat Reader security vulnerability | Acrobat Reader | 8.1 | High | 2021-04-01 |
| CVE-2020-7807 | LG security vulnerability | (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) | 5.6 | Medium | 2020-09-14 |
| CVE-2020-9062 | Diebold Nixdorf 2100xe USB ATMs access control error vulnerability | ProCash 2100xe USB ATM | 5.3 | - | 2020-08-21 |
| CVE-2020-10124 | NCR SelfServ ATMs APTRA XFS access control error vulnerability | SelfServ ATM | 7.6 | - | 2020-08-21 |
| CVE-2020-7810 | hslogin2.dll ActiveX Control security vulnerability | hslogin2.dll | 8.8 | High | 2020-08-07 |
| CVE-2019-19160 | Capsoft Reportexpress ProPlus data forgery vulnerability | Reportexpress ProPlus | 5.7 | Medium | 2020-06-29 |
| CVE-2020-7808 | Raonwiz K Upload argument injection vulnerability | K Upload | 8.7 | High | 2020-05-21 |
| CVE-2019-11480 | pc-kernel data forgery vulnerability | pc-kernel | 8.4 | High | 2020-04-14 |
| CVE-2020-10266 | Universal Robots UR+ data forgery vulnerability | URx | 8.1 | - | 2020-04-06 |
| CVE-2019-10943 | Multiple Siemens products data forgery vulnerability | SIMATIC Drive Controller family | - | - | 2019-08-13 |
| CVE-2019-12804 | Hunesion i-oneNet data forgery vulnerability | i-oneNet | 5.5 | - | 2019-07-10 |

CWE-353 (Missing Support for Integrity Check) is a common weakness category; this platform lists 30 CVE vulnerabilities associated with it.