CWE-358 (Improperly Implemented Security Check for Standard) — Vulnerability Class 70

70 vulnerabilities classified as CWE-358 (Improperly Implemented Security Check for Standard). AI Chinese analysis included.

CWE-358 represents a critical implementation flaw where developers fail to correctly execute security checks mandated by established standards, protocols, or algorithms. This weakness typically arises when engineers misunderstand complex specifications or attempt to optimize performance by skipping mandatory validation steps, resulting in a system that appears compliant but lacks actual security. Attackers exploit this gap by crafting inputs that bypass the incomplete checks, effectively neutralizing intended protections such as authentication mechanisms or data integrity verifications. To prevent CWE-358, developers must rigorously adhere to standardized guidelines, utilizing automated testing tools that verify compliance with specific protocol requirements. Comprehensive code reviews focusing on security-critical paths and staying updated with the latest standard revisions ensure that all mandated checks are implemented accurately, thereby closing the vulnerability window before deployment.

MITRE CWE Description
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-41907 | Siemens SINEC Traffic Analyzer security features vulnerability — SINEC Traffic Analyzer | 4.2 | Medium | 2024-08-13 |
| CVE-2024-23592 | Lenovo Fingerprint Reader security vulnerability — Synaptics Fingerprint Readers | 6.3 | Medium | 2024-04-05 |
| CVE-2023-2585 | Keycloak: client access via device auth request spoof — Red Hat Single Sign-On 7 | 3.5 | Low | 2023-12-21 |
| CVE-2023-3266 | CyberPower PowerPanel Business Edition security vulnerability — PowerPanel Enterprise | 9.8 | Critical | 2023-08-14 |
| CVE-2023-39403 | Huawei HarmonyOS security vulnerability — HarmonyOS | 9.8 | - | 2023-08-13 |
| CVE-2023-28601 | Zoom Client buffer error vulnerability — Zoom for Windows Client | 8.3 | High | 2023-06-13 |
| CVE-2023-22393 | Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop — Junos OS | 7.5 | High | 2023-01-12 |
| CVE-2022-2324 | SonicWALL Hosted Email Security security features vulnerability — SonicWall Email Security | 9.8 | - | 2022-07-29 |
| CVE-2022-27220 | Siemens SINEMA Remote Connect Server security features vulnerability — SINEMA Remote Connect Server | 4.3 | - | 2022-06-14 |
| CVE-2022-27219 | Siemens SINEMA Remote Connect Server security features vulnerability — SINEMA Remote Connect Server | 4.3 | - | 2022-06-14 |
| CVE-2022-25152 | ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals — ITarian platform (SAAS / on-premise) | 9.9 | Critical | 2022-06-08 |
| CVE-2021-42017 | Siemens RUGGEDCOM security features vulnerability — RUGGEDCOM i800 | 5.9 | Medium | 2022-03-08 |
| CVE-2022-22156 | Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL — Junos OS | 6.5 | Medium | 2022-01-19 |
| CVE-2021-34791 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities — Cisco Adaptive Security Appliance (ASA) Software | 4.7 | Medium | 2021-10-27 |
| CVE-2021-34790 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities — Cisco Adaptive Security Appliance (ASA) Software | 4.7 | Medium | 2021-10-27 |
| CVE-2021-31375 | Junos OS: Receipt of a specific BGP update may cause RPKI policy-checks to be bypassed — Junos OS | 7.2 | High | 2021-10-19 |
| CVE-2020-10743 | Red Hat OpenShift Container Platform security features vulnerability — Kibana | 4.3 | - | 2021-06-02 |
| CVE-2020-1761 | Red Hat OpenShift security vulnerability — openshift/console | 6.1 | - | 2021-05-27 |
| CVE-2021-3448 | dnsmasq security vulnerability — dnsmasq | 6.8 | - | 2021-04-08 |
| CVE-2020-25686 | Dnsmasq security features vulnerability — dnsmasq | 3.7 | - | 2021-01-20 |
| CVE-2020-25684 | Dnsmasq security vulnerability — dnsmasq | 3.7 | - | 2021-01-20 |
| CVE-2020-8352 | Lenovo Desktop security features vulnerability — BIOS | 2.4 | Low | 2020-11-11 |
| CVE-2020-1728 | Red Hat Keycloak security features vulnerability — keycloak | 4.8 | Medium | 2020-04-06 |
| CVE-2020-7251 | ESConfig Tool able to edit configuration for newer version — Mcafee Endpoint Security (ENS) | 5.0 | Medium | 2020-02-14 |
| CVE-2019-14823 | JSS CryptoManager security features vulnerability — JSS | 7.4 | - | 2019-10-14 |
| CVE-2018-16860 | Samba security vulnerability — samba | 7.5 | - | 2019-07-31 |
| CVE-2019-6742 | Samsung Galaxy S9 code injection vulnerability — Galaxy S9 | 8.8 | - | 2019-06-03 |
| CVE-2019-3894 | Red Hat Wildfly Elytron subsystem permissions and access control vulnerability — wildfly | 8.8 | - | 2019-05-03 |
| CVE-2019-3806 | PowerDNS Recursor security features vulnerability — pdns-recursor | 8.1 | - | 2019-01-29 |
| CVE-2018-16857 | Samba security vulnerability — samba | 6.5 | - | 2018-11-28 |

Vulnerabilities classified as CWE-358 (Improperly Implemented Security Check for Standard) represent 70 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.