CWE-359 Privacy Violation: Vulnerability List (125)

A summary of the 125 CVE vulnerabilities associated with the CWE-359 (Privacy Violation) weakness class, with AI-generated analysis in Chinese.

CWE-359 refers to software that fails to effectively prevent unauthorized actors from accessing private personal information; it belongs to the privacy-leak class of vulnerabilities. Attackers commonly exploit authentication defects, permission misconfigurations, or interface logic flaws to obtain sensitive data illegitimately. Developers should implement strict access-control policies so that only authorized users can reach the data, follow the principle of least privilege, and encrypt sensitive information both at rest and in transit, thereby eliminating the risk of unauthorized access.

MITRE CWE official description
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor. The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information, or (2) do not have the implicit consent of the person the information concerns.
Common consequences (1)
  Confidentiality: Read Application Data
Mitigations (3)
  Requirements: Identify and consult all relevant regulations for personal privacy. An organization may be required to comply with certain federal and state regulations, depending on its location, the type of business it conducts, and the nature of any private data it handles. Regulations may include Safe Harbor Privacy Framework [REF-340], Gramm-Leach Bliley Act (GLBA) [REF-341], Health Insurance Portability a…
  Architecture and Design: Carefully evaluate how secure design may interfere with privacy, and vice versa. Security and privacy concerns often seem to compete with each other. From a security perspective, all important operations should be recorded so that any anomalous activity can later be identified. However, when private data is involved, this practice can in fact create risk. Although there are many ways in which pri…
  Implementation, Operation: Some tools can automatically analyze documents to redact, strip, or "sanitize" private information, although some human review might be necessary. Tools may vary in terms of which document formats can be processed. When calling an external program to automatically generate or convert documents, invoke the program with any available options that avoid generating sensitive metada…
Code examples (2)

Example 1 (Bad, C#). The following code contains a logging statement that tracks the contents of records added to a database by storing them in a log file. Among other values that are stored, the GetPassword() function returns the user-supplied plaintext password associated with the account.

    pass = GetPassword();
    ...
    dbmsLog.WriteLine(id + ":" + pass + ":" + type + ":" + tstamp);

Example 2 (Bad, XML and Java). This code uses location data to determine the user's current US state.

    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>

    locationClient = new LocationClient(this, this, this);
    locationClient.connect();
    Location userCurrLocation;
    userCurrLocation = locationClient.getLastLocation();
    deriveStateFromCoords(userCurrLocation);
CVE ID | Title (affected product) | CVSS | Risk level | Published
(values tagged AI carry the source page's AI marker; "-" means the page lists no value)
CVE-2025-66172 | Apache CloudStack unauthorized backup volume attach vulnerability (Apache CloudStack) | - | - | 2026-05-08
CVE-2025-66171 | Apache CloudStack unauthorized VM creation from backup data vulnerability (Apache CloudStack) | - | - | 2026-05-08
CVE-2025-15623 | Sparx Systems Sparx Pro Cloud Server security vulnerability (Sparx Pro Cloud Server) | 7.5 AI | High AI | 2026-04-17
CVE-2026-3911 | Keycloak security vulnerability (Red Hat build of Keycloak 26.4) | 2.7 | Low | 2026-03-11
CVE-2026-0102 | Microsoft Edge security vulnerability (Microsoft Edge (Chromium-based)) | 3.1 | Low | 2026-02-17
CVE-2020-37173 | WWBN AVideo security vulnerability (AVideo Platform) | 7.5 | High | 2026-02-11
CVE-2026-24321 | SAP Commerce Cloud security vulnerability (SAP Commerce Cloud) | 5.3 | Medium | 2026-02-10
CVE-2025-66605 | Yokogawa FAST/TOOLS security vulnerability (FAST/TOOLS) | 6.1 AI | Medium AI | 2026-02-09
CVE-2026-24735 | Apache Answer security vulnerability (Apache Answer) | 5.3 AI | Medium AI | 2026-02-04
CVE-2025-11598 | Ministerstwo Cyfryzacji mObywatel security vulnerability (mObywatel) | 4.0 AI | Medium AI | 2026-02-03
CVE-2025-14317 | Crazy Bubble Tea App security vulnerability (Crazy Bubble Tea) | 6.5 AI | Medium AI | 2026-01-14
CVE-2025-3950 | GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability (GitLab) | 3.5 | Low | 2026-01-09
CVE-2025-68945 | Gitea security vulnerability (Gitea) | 5.8 | Medium | 2025-12-26
CVE-2025-13008 | M-Files Server security vulnerability (M-Files Server) | 6.5 AI | Medium AI | 2025-12-19
CVE-2025-1030 | Utarit SoliClub security vulnerability (SoliClub) | 7.5 | High | 2025-12-18
CVE-2025-34441 | AVideo security vulnerability (AVideo) | 7.5 AI | High AI | 2025-12-17
CVE-2025-10450 | RTI Connext Professional security vulnerability (Connext Professional) | 5.3 AI | Medium AI | 2025-12-16
CVE-2025-0969 | WordPress plugin Brizy – Page Builder security vulnerability (Brizy – Page Builder) | 6.5 | Medium | 2025-12-13
CVE-2025-66510 | Nextcloud Server security vulnerability (security-advisories) | 4.5 | Medium | 2025-12-05
CVE-2025-12536 | WordPress plugin SureForms security vulnerability (SureForms – Contact Form, Payment Form & Other Custom Form Builder) | 5.3 | Medium | 2025-11-13
CVE-2025-36131 | IBM Db2 security vulnerability (Db2) | 4.6 | Medium | 2025-11-07
CVE-2025-52602 | HCL BigFix Query security vulnerability (BigFix Query) | 4.2 | Medium | 2025-11-05
CVE-2025-35981 | Gallagher Command Centre Server security vulnerability (Command Centre Server) | 5.5 | Medium | 2025-10-23
CVE-2025-62644 | Restaurant Brands International assistant platform security vulnerability (assistant platform) | 5.0 | Medium | 2025-10-17
CVE-2025-53950 | Fortinet FortiDLP security vulnerability (FortiDLP) | 5.1 | Medium | 2025-10-16
CVE-2025-62362 | Burgerportaal security vulnerability (GPP-burgerportaal) | 4.3 AI | Medium AI | 2025-10-13
CVE-2025-5009 | Google Gemini iOS security vulnerability (Gemini) | 5.7 AI | Medium AI | 2025-10-08
CVE-2025-59843 | Flag Forge security vulnerability (flagForge) | 5.3 | - | 2025-09-26
CVE-2025-41685 | SMA Solar Technology AG ennexos.sunnyportal.com security vulnerability (ennexos.sunnyportal.com) | 6.5 | Medium | 2025-08-19
CVE-2025-53765 | Microsoft Azure Stack security vulnerability (Azure Stack Hub) | 4.4 | Medium | 2025-08-12

CWE-359 (Privacy Violation) is a common weakness category; this platform has collected 125 CVE vulnerabilities associated with it.